Skip to main content
CVE-2014-7169 CRITICAL POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
90.1%
Threat
7.7
CVE-2014-1568 HIGH Act Now

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Mozilla Google Information Disclosure Microsoft Chrome +5
NVD
CVSS 2.0
7.5
EPSS
30.9%
CVE-2014-3354 HIGH This Week

Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
2.5%
CVE-2014-3360 HIGH This Week

Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Apple Cisco Denial Of Service iOS +1
NVD
CVSS 2.0
7.8
EPSS
1.9%
CVE-2014-3356 HIGH This Week

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow Ios Xe
NVD
CVSS 2.0
7.8
EPSS
1.9%
CVE-2014-3359 HIGH This Week

Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-3355 HIGH This Week

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow Ios Xe
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-3358 HIGH This Week

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Apple Cisco Denial Of Service iOS +1
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-3357 HIGH This Week

Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Apple Cisco Denial Of Service iOS +1
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-3361 HIGH This Week

The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 2.0
7.1
EPSS
1.0%
CVE-2014-6718 MEDIUM This Month

The My Mobile Day (aka com.mymobileday) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My Mobile Day
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6717 MEDIUM This Month

The iTriage Health (aka com.healthagen.iTriage) application 5.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Itriage Health
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6716 MEDIUM This Month

The fastin (aka moda.azyae.fastin.net) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fastin
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6715 MEDIUM This Month

The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slotmachine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6714 MEDIUM This Month

The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Webmd
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6713 MEDIUM This Month

The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Medical Chat And Mcqs Project
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6712 MEDIUM This Month

The Airlines International (aka org.iata.IAMagazine) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Airlines International
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6711 MEDIUM This Month

The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Abc Lounge Webradio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6710 MEDIUM This Month

The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Chifro Kids Coloring Game
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6709 MEDIUM This Month

The TechRadar News (aka com.techradar.news) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Techradar News
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6708 MEDIUM This Month

The Sporting Club Uphoria (aka com.sportinginnovations.skc) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Utah Jazz
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6707 MEDIUM This Month

The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 7Sage Lsat Prep Proctor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6706 MEDIUM This Month

The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Embry Riddle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6705 MEDIUM This Month

The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Maher Zain
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6704 MEDIUM This Month

The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Utah Jazz
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6703 MEDIUM This Month

The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Phonearabs4
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6702 MEDIUM This Month

The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application 1.41.54.9222 for Android does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Starsat International
NVD
CVSS 2.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy