MidnightBSD

Advisories for mail.ru

CVE-2014-5804 MEDIUM

The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
mail.ru mail.ru_dating 3.0
CVE-2016-10716 LOW

The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mail.ru calendar *