Skip to main content
CVE-2014-6242 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi PHP All In One Wordpress Security And Firewall
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
5.7%
CVE-2014-7158 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Wan Optimization Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3060 CRITICAL PATCH Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-3059 CRITICAL PATCH Act Now

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-7188 HIGH PATCH This Week

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 2.0
8.3
EPSS
2.4%
CVE-2014-7157 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wan Optimization Suite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3621 MEDIUM POC PATCH This Month

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone Ubuntu Linux Openstack
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-4793 MEDIUM PATCH This Month

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Websphere Mq
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-7154 MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora Debian Linux Xen +1
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2014-2641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-7155 MEDIUM PATCH This Month

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2014-6881 MEDIUM This Month

The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application before 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Virtual Wallet By Pnc
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6893 MEDIUM This Month

The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application 1.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pushpins Grocery Coupons
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6892 MEDIUM This Month

The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kalahari Com Shopping
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6890 MEDIUM This Month

The CouponCabin - Coupons & Deals (aka com.couponcabin) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Couponcabin Coupons Deals
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6889 MEDIUM This Month

The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gunbroker Com
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6888 MEDIUM This Month

The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pennytalk Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6886 MEDIUM This Month

The WePhone - phone calls vs skype (aka com.wephoneapp) application 1.03.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wephone Phone Calls Vs Skype
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6885 MEDIUM This Month

The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Academy Sports Outdoors Visa
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6884 MEDIUM This Month

The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ford Credit Account Manager
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6883 MEDIUM This Month

The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cnnmoney Portfolio For Stocks
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6882 MEDIUM This Month

The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Western Federal Credit Union
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6880 MEDIUM This Month

The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tradehero
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6879 MEDIUM This Month

The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Equifax Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6878 MEDIUM This Month

The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Rbfcu Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6877 MEDIUM This Month

The Santander Personal Banking (aka com.sovereign.santander) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Santander Personal Banking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6876 MEDIUM This Month

The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure American Express Serve
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6875 MEDIUM This Month

The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Woodforest Mobile Banking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6874 MEDIUM This Month

The ModSim Connected (aka com.concursive.modsim) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Modsim Connected
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6873 MEDIUM This Month

The AMGC (aka com.amec.uae) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Amgc
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6872 MEDIUM This Month

The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ttnet Muzik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6871 MEDIUM This Month

The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hogs Fly Crazy
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6870 MEDIUM This Month

The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bgenergy
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6869 MEDIUM This Month

The barcode scanner (aka tw.com.books.android.plus) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Barcode Scanner
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6868 MEDIUM This Month

The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Synology Google Information Disclosure Ds Audio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6867 MEDIUM This Month

The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sortir En Alsace
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6866 MEDIUM This Month

The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Homeadvisor Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6865 MEDIUM This Month

The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Jamal Bates Show
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6864 MEDIUM This Month

The Forest River Forums (aka com.socialknowledge.forestriverforums) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Forest River Forums
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6863 MEDIUM This Month

The Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mootorratturid Biker Ee
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6862 MEDIUM This Month

The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Artacces
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6861 MEDIUM This Month

The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Terrarienbilder Com Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6860 MEDIUM This Month

The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Trial Tracker
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6859 MEDIUM This Month

The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Daum Maps Subway
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6858 MEDIUM This Month

The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mostafa Shemeas
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6857 MEDIUM This Month

The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Car Wallpapers Hd
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6856 MEDIUM This Month

The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ahrah
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-4765 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +9
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2640 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-3097 MEDIUM PATCH This Month

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Open Redirect Tivoli Federated Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy