Skip to main content
CVE-2014-4404 HIGH POC KEV THREAT Act Now

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Apple RCE Memory Corruption
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
62.0%
Threat
6.4
CVE-2014-2886 MEDIUM POC This Month

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Gksu
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-4380 CRITICAL Act Now

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Tvos Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2014-4405 CRITICAL Act Now

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os Tvos +1
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4389 CRITICAL Act Now

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Iphone Os Tvos Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4381 CRITICAL Act Now

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4377 MEDIUM This Month

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service Apple RCE Tvos Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
11.3%
CVE-2014-4422 HIGH This Week

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2014-4369 HIGH This Week

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2014-4388 HIGH This Week

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mac Os X Iphone Os Tvos
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2014-4418 HIGH This Week

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Iphone Os Tvos
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2014-4375 HIGH This Week

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X Tvos Iphone Os
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-4379 HIGH This Week

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
7.1
EPSS
1.9%
CVE-2014-4415 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4414 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4413 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4412 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4411 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4410 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4368 MEDIUM This Month

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-4408 MEDIUM This Month

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4824 MEDIUM PATCH This Month

SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5412 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-5413 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-4378 MEDIUM This Month

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
5.8
EPSS
2.1%
CVE-2014-4354 MEDIUM This Month

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4364 MEDIUM This Month

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 3.0
5.6
EPSS
0.5%
CVE-2014-4373 MEDIUM This Month

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-5957 MEDIUM This Month

The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alien War Survivors
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5956 MEDIUM This Month

The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vplayer Video Player
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5955 MEDIUM This Month

The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Atomic Fusion
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5954 MEDIUM This Month

The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure State Bank Anywhere
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5953 MEDIUM This Month

The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kaskus
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5952 MEDIUM This Month

The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure E Dziennik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5951 MEDIUM This Month

The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sinopac
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5950 MEDIUM This Month

The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Now
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5949 MEDIUM This Month

The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ticket App Concerts Sports
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5948 MEDIUM This Month

The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Obama For America
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5947 MEDIUM This Month

The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Psicofxp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5946 MEDIUM This Month

The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application 3.4.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Forumhawaaworldcom
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5945 MEDIUM This Month

The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Edline Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5944 MEDIUM This Month

The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Soccer Blitz
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5943 MEDIUM This Month

The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Labmsf Antivirus Beta
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5942 MEDIUM This Month

The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Baby Stomach Surgery
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5941 MEDIUM This Month

The Armpit Spa & Girl Games (aka com.freegames.spamakeover) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Armpit Spa Girl Games
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5940 MEDIUM This Month

The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pocketpc Ch
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5939 MEDIUM This Month

The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Travelzadcomvb
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5938 MEDIUM This Month

The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alldealsasia All Deals Ada App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5937 MEDIUM This Month

The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Social Networking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5936 MEDIUM This Month

The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Incognito Private Browser
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy