Skip to main content
CVE-2014-2375 HIGH PATCH This Week

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable.

Denial Of Service Integraxor
NVD
CVSS 2.0
8.3
EPSS
0.6%
CVE-2014-2376 HIGH PATCH This Week

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Integraxor
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-0993 MEDIUM PATCH This Month

Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Buffer Overflow Embarcadero C Builder Xe6 Embarcadero Delphi Xe6
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2014-5905 MEDIUM This Month

The Grocery List - Tomatoes (aka com.meucarrinho) application 5.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Grocery List Tomatoes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5904 MEDIUM This Month

The MiniInTheBox Online Shopping (aka com.miniinthebox.android) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Miniinthebox Online Shopping
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5903 MEDIUM This Month

The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mobile Work
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5902 MEDIUM This Month

The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ua Cinemas Mobile Ticketing
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5901 MEDIUM This Month

The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Beauty Bible App For Girls
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5900 MEDIUM This Month

The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Myhomework Student Planner
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5899 MEDIUM This Month

The Nespresso (aka com.nespresso.activities) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nespresso
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5898 MEDIUM This Month

The Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck.driver.simulator3d) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Heavy Duty Truck Driver Simulator 3D
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5897 MEDIUM This Month

The Parallel Mafia MMORPG (aka com.perblue.pm.client) application @7F070000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Parallel Mafia Mmorpg
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5896 MEDIUM This Month

The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Globaltalk Free Phone Calls
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5895 MEDIUM This Month

The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Shopyourway
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5894 MEDIUM This Month

The AireTalk: Text, Call, & More!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Airetalk Text Call More
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5893 MEDIUM This Month

The froyo (aka com.shinsegae.mobile.froyo) application 5.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Froyo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5892 MEDIUM This Month

The greenbill (aka com.show.greenbill_G) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Greenbill
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5891 MEDIUM This Month

The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Snipsnap Coupon App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5890 MEDIUM This Month

The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kbo Sports2I 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5889 MEDIUM This Month

The Android Forums (aka com.tapatalk.androidforumscom) application 2.4.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Forum For Android
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-2377 MEDIUM This Month

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Integraxor
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3796 MEDIUM PATCH This Month

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Nsx Vcloud Networking And Security
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-6392 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Facebook Facebook Messenger
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5407 MEDIUM This Month

Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2). Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service Schneider Electric Stack Overflow Buffer Overflow Vampset
NVD GitHub
CVSS 2.0
4.1
EPSS
0.1%
CVE-2014-3617 MEDIUM PATCH This Month

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4763 LOW Monitor

Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Filenet Content Foundation Filenet Content Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3077 LOW Monitor

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize V7000 Unified Software Storwize Unified V7000
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy