Skip to main content
CVE-2014-4393 CRITICAL Act Now

Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Intel Buffer Overflow RCE +1
NVD
CVSS 2.0
10.0
EPSS
6.1%
CVE-2014-4376 CRITICAL Act Now

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-4402 CRITICAL Act Now

An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2014-4390 CRITICAL Act Now

Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2012-2588 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mailenable
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4424 HIGH This Week

SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple SQLi Os X Server
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-1391 MEDIUM This Month

QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2014-4350 MEDIUM This Month

Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2014-4416 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4400 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4399 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4398 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4397 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4396 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4394 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2014-4401 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-4395 MEDIUM This Month

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple RCE Intel Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-4406 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Os X Server
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2014-5970 MEDIUM This Month

The BabyBus (aka com.sinyee.babybus.concert.ru) application 3.91 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Babybus
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5969 MEDIUM This Month

The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Healthylifestyle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5968 MEDIUM This Month

The iGolf - Golf GPS (aka com.igolf) application 20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Igolf Golf Gps
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5967 MEDIUM This Month

The Designs Nail Arts (aka com.decoracionesnailart.flickr) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Designs Nail Arts
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5966 MEDIUM This Month

The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme.dreamland.gold) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dreamland Super Theme Go Gold
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5965 MEDIUM This Month

The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Groovemusic
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5964 MEDIUM This Month

The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Megabank
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5963 MEDIUM This Month

The Halieutics (aka com.corn.Halieutics) application 21.40.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Halieutics
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5962 MEDIUM This Month

The Guess The Actor (aka com.gamelikeinc.actors) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Guess The Actor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5961 MEDIUM This Month

The russiananime (aka com.rareartifact.russiananime68A5CCFE) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Russiananime
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5960 MEDIUM This Month

The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Federal Doctors
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5959 MEDIUM This Month

The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tx Smart
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5958 MEDIUM This Month

The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Chatbox Chat Rooms
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-3614 MEDIUM PATCH This Month

Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Powerdns Recursor
NVD
CVSS 2.0
5.0
EPSS
0.0%
CVE-2012-6659 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phorum
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4403 LOW Monitor

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy