Skip to main content
CVE-2014-6278 HIGH POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
90.1%
Threat
7.5
CVE-2014-7190 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Openfiler
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4728 MEDIUM POC This Month

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wdr4300 Firmware Tl Wdr4300
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-6269 MEDIUM POC This Month

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Haproxy
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-6619 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Restaurant Script
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2014-6051 HIGH PATCH This Week

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Enterprise Linux Server Aus Enterprise Linux Server Eus +4
NVD GitHub
CVSS 2.0
7.5
EPSS
6.6%
CVE-2014-6055 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2%.

Denial Of Service RCE Buffer Overflow Fedora Debian Linux +3
NVD GitHub
CVSS 2.0
6.5
EPSS
11.2%
CVE-2012-5487 HIGH PATCH This Week

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Python Privilege Escalation Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.7%
CVE-2012-5493 HIGH PATCH This Week

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.4%
CVE-2014-4727 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS TP-Link Tl Wdr4300 Firmware Tl Wdr4300
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6618 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Your Online Shop
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6273 MEDIUM PATCH This Month

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Advanced Package Tool
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-5267 MEDIUM PATCH This Month

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-5485 MEDIUM PATCH This Month

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-5489 MEDIUM PATCH This Month

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone Zope
NVD GitHub
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5486 MEDIUM PATCH This Month

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Plone Zope
NVD
CVSS 2.0
6.4
EPSS
0.8%
CVE-2014-4330 LOW POC Monitor

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Perl Data Dumper
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6850 MEDIUM This Month

The SED Account (aka com.starkville.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sed Account
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6848 MEDIUM This Month

The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Synology Google Information Disclosure Ds File
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6847 MEDIUM This Month

The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Horoscopes And Dreams
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6846 MEDIUM This Month

The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application @7F050007 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Four Seasons Beverly Hills
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6845 MEDIUM This Month

The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mediafire
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6844 MEDIUM This Month

The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Abc Song
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6843 MEDIUM This Month

The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sweatshop
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6842 MEDIUM This Month

The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Daily Advertiser Print
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6841 MEDIUM This Month

The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Rti India
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6840 MEDIUM This Month

The My Wedding Planner (aka app.wedding) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My Wedding Planner
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6839 MEDIUM This Month

The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alma Corinthiana
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6838 MEDIUM This Month

The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Groupama Toujours La
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6837 MEDIUM This Month

The Hillside (aka com.hillside.hermanus) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hillside
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6836 MEDIUM This Month

The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Synology Google Information Disclosure Ds Photo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6835 MEDIUM This Month

The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Herbal Guide
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6834 MEDIUM This Month

The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Instaroid Instagram Viewer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6833 MEDIUM This Month

The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Auctiontrac Dealer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6832 MEDIUM This Month

The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bersa Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6831 MEDIUM This Month

The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hippo Studio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6830 MEDIUM This Month

The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Covet Fashion Shopping Game
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6829 MEDIUM This Month

The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hook
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6828 MEDIUM This Month

The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gulf Credit Union
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6827 MEDIUM This Month

The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dk Online Beta
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6826 MEDIUM This Month

The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tic Tac To The Max Free
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6825 MEDIUM This Month

The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Teatro Franco Parenti
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6824 MEDIUM This Month

The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kamkomesan
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6823 MEDIUM This Month

The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kuailecaidengmi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6822 MEDIUM This Month

The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nerdico
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6821 MEDIUM This Month

The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Voetbal
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6819 MEDIUM This Month

The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lapp Group Catalogue
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6818 MEDIUM This Month

The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ohbm 20Th Annual Meeting
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6817 MEDIUM This Month

The Cove (aka org.covechurch.app) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cove
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6816 MEDIUM This Month

The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wisdom
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy