Skip to main content
CVE-2014-5935 MEDIUM This Month

The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Daily Free App Amazon
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5934 MEDIUM This Month

The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Flurv Chat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5933 MEDIUM This Month

The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cokestudio7
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5932 MEDIUM This Month

The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vodafone Mobile Work
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5931 MEDIUM This Month

The Stop & Shop SCAN IT!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Stop Shop Scan It Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5930 MEDIUM This Month

The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Store And Share
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5929 MEDIUM This Month

The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Emartmall
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5928 MEDIUM This Month

The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Steganos Online Shield Vpn
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5927 MEDIUM This Month

The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fastcustomer Fast Customer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5926 MEDIUM This Month

The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dcu Mobile Banking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5925 MEDIUM This Month

The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 10000 Kindle Books Downloads
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5924 MEDIUM This Month

The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Monster Makeup
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5923 MEDIUM This Month

The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Facebook Status Via
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5922 MEDIUM This Month

The ga6748 (aka com.g.ga6748) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ga6748
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5921 MEDIUM This Month

The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Need For Speed Network
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5920 MEDIUM This Month

The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vk Amberfog
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5919 MEDIUM This Month

The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Surdoc 100Gb Free Storage
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-4366 MEDIUM This Month

Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4363 MEDIUM This Month

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Safari
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4362 MEDIUM This Month

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4361 MEDIUM This Month

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4374 MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Mac Os X Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-5411 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Schneider Electric Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-4409 MEDIUM This Month

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-4383 MEDIUM This Month

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4423 MEDIUM This Month

The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4353 MEDIUM This Month

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5317 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS 365 Links 365 Links 2 365 Links2
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4820 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Integration Bus Manufacturing Pack
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4826 MEDIUM PATCH This Month

IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4819 MEDIUM This Month

The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-4372 LOW Monitor

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2014-4407 LOW Monitor

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os Mac Os X
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2014-4356 LOW Monitor

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4367 LOW Monitor

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4357 LOW Monitor

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4352 LOW Monitor

Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-4421 LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4420 LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4419 LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4371 LOW Monitor

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4386 LOW Monitor

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-4384 LOW Monitor

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Rated low severity (CVSS 1.9). No vendor patch available.

Path Traversal Apple Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy