Skip to main content
CVE-2014-2886 MEDIUM POC This Month

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Gksu
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-4377 MEDIUM This Month

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service Apple RCE Tvos Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
11.3%
CVE-2014-4415 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4414 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4413 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4412 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4411 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4410 MEDIUM This Month

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-4368 MEDIUM This Month

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-4408 MEDIUM This Month

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4824 MEDIUM PATCH This Month

SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5412 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-5413 MEDIUM This Month

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Clearscada Scada Expert Clearscada
NVD GitHub
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-4378 MEDIUM This Month

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Tvos Iphone Os +1
NVD
CVSS 2.0
5.8
EPSS
2.1%
CVE-2014-4354 MEDIUM This Month

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4364 MEDIUM This Month

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 3.0
5.6
EPSS
0.5%
CVE-2014-4373 MEDIUM This Month

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-5957 MEDIUM This Month

The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alien War Survivors
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5956 MEDIUM This Month

The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vplayer Video Player
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5955 MEDIUM This Month

The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Atomic Fusion
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5954 MEDIUM This Month

The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure State Bank Anywhere
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5953 MEDIUM This Month

The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kaskus
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5952 MEDIUM This Month

The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure E Dziennik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5951 MEDIUM This Month

The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sinopac
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5950 MEDIUM This Month

The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Now
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5949 MEDIUM This Month

The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ticket App Concerts Sports
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5948 MEDIUM This Month

The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Obama For America
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5947 MEDIUM This Month

The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Psicofxp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5946 MEDIUM This Month

The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application 3.4.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Forumhawaaworldcom
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5945 MEDIUM This Month

The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Edline Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5944 MEDIUM This Month

The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Soccer Blitz
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5943 MEDIUM This Month

The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Labmsf Antivirus Beta
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5942 MEDIUM This Month

The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Baby Stomach Surgery
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5941 MEDIUM This Month

The Armpit Spa & Girl Games (aka com.freegames.spamakeover) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Armpit Spa Girl Games
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5940 MEDIUM This Month

The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pocketpc Ch
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5939 MEDIUM This Month

The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Travelzadcomvb
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5938 MEDIUM This Month

The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alldealsasia All Deals Ada App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5937 MEDIUM This Month

The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Social Networking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5936 MEDIUM This Month

The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Incognito Private Browser
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5935 MEDIUM This Month

The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Daily Free App Amazon
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5934 MEDIUM This Month

The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Flurv Chat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5933 MEDIUM This Month

The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cokestudio7
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5932 MEDIUM This Month

The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vodafone Mobile Work
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5931 MEDIUM This Month

The Stop & Shop SCAN IT!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Stop Shop Scan It Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5930 MEDIUM This Month

The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Store And Share
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5929 MEDIUM This Month

The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Emartmall
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5928 MEDIUM This Month

The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Steganos Online Shield Vpn
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5927 MEDIUM This Month

The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fastcustomer Fast Customer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5926 MEDIUM This Month

The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dcu Mobile Banking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5925 MEDIUM This Month

The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 10000 Kindle Books Downloads
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy