Skip to main content
CVE-2014-7187 CRITICAL POC THREAT Emergency

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.9%.

Denial Of Service Buffer Overflow Bash
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
89.9%
Threat
6.2
CVE-2014-7186 CRITICAL POC THREAT Emergency

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.3%.

Denial Of Service Buffer Overflow Bash
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
89.3%
Threat
6.2
CVE-2014-6417 HIGH POC PATCH This Week

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
7.8
EPSS
4.8%
CVE-2014-6416 HIGH POC PATCH This Week

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 2.0
7.8
EPSS
2.2%
CVE-2014-3535 HIGH POC PATCH This Week

include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-6418 HIGH POC PATCH This Week

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 2.0
7.1
EPSS
4.0%
CVE-2014-3631 HIGH POC PATCH This Week

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
0.3%
CVE-2014-0205 MEDIUM POC PATCH This Month

The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial. Rated medium severity (CVSS 6.9). Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-6657 MEDIUM POC PATCH This Month

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Privilege Escalation Linux Linux Kernel Suse Linux Enterprise Server
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-6410 MEDIUM POC PATCH This Month

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-7145 HIGH PATCH This Week

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD GitHub
CVSS 2.0
7.8
EPSS
1.2%
CVE-2014-3183 MEDIUM This Month

Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-3182 MEDIUM This Month

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-3181 MEDIUM This Month

Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-3185 MEDIUM This Month

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-3186 MEDIUM This Month

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Google Linux Buffer Overflow RCE +2
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6771 MEDIUM This Month

The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure United Heritage Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6770 MEDIUM This Month

The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aerospace Jobs
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6769 MEDIUM This Month

The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Meteo Belgique
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6768 MEDIUM This Month

The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Anywhere Anytime Yoga Workout
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6767 MEDIUM This Month

The Juggle!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Juggle Free
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6766 MEDIUM This Month

The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Afro Beat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6765 MEDIUM This Month

The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure No Fuss Home Loans
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6764 MEDIUM This Month

The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Assyrian
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6763 MEDIUM This Month

The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Codename Birdgame
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6762 MEDIUM This Month

The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bongomovie
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6761 MEDIUM This Month

The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aprende A Meditar
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6760 MEDIUM This Month

The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Harem Thief Dating
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6759 MEDIUM This Month

The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Downton Abbey Fan Portal
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6758 MEDIUM This Month

The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Qin Story
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6757 MEDIUM This Month

The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Koran Alqoranvideos
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6756 MEDIUM This Month

The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Reddit Aww
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6755 MEDIUM This Month

The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sdn Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6754 MEDIUM This Month

The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Vector Outage Manager
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6753 MEDIUM This Month

The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sunnat E Rasool
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6752 MEDIUM This Month

The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mindless Behavior Fan Base
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6751 MEDIUM This Month

The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Grasshopper Beta
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6750 MEDIUM This Month

The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 0 99 Kindle Books
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6749 MEDIUM This Month

The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure American Nurses Association
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6748 MEDIUM This Month

The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gemaire S Hvac Assist
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-3184 MEDIUM This Month

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2639 MEDIUM PATCH This Month

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

HP RCE Code Injection Mpio Device Specific Module Manager
NVD
CVSS 2.0
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy