Skip to main content
CVE-2014-5982 MEDIUM This Month

The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Runkeeper Gps Track Run Walk
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5971 MEDIUM This Month

The Fiksu library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fiksu Library
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5809 MEDIUM This Month

The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Smart Browser
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5665 MEDIUM This Month

The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mzone Login
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5320 MEDIUM This Month

The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Bump
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3635 MEDIUM PATCH This Month

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to. Rated medium severity (CVSS 4.4). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow D Bus Dbus +1
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2014-5316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Dotclear
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3595 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5322 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Filemaker Pro Filemaker Pro Advanced
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3639 LOW PATCH Monitor

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Opensuse D Bus Dbus
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3638 LOW PATCH Monitor

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service D Bus Dbus Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3637 LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy