Skip to main content
CVE-2014-3513 HIGH PATCH Act Now

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 25.7%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
7.1
EPSS
25.7%
CVE-2014-3567 HIGH Act Now

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 21.7% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
7.1
EPSS
21.7%
CVE-2014-5422 CRITICAL Act Now

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated critical severity (CVSS 9.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pyxis Supplystation
NVD
CVSS 2.0
9.7
EPSS
0.4%
CVE-2014-3397 HIGH This Week

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Mcu Software
NVD
CVSS 2.0
7.8
EPSS
5.9%
CVE-2014-2647 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS HP Operations Agent
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-4840 HIGH This Week

IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Tririga Application Platform
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2014-3368 HIGH This Week

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Expressway Software Telepresence Video Communication Server Software
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-3370 HIGH This Week

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software Expressway Software
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-3369 HIGH This Week

The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Expressway Software Telepresence Video Communication Server Software
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-3406 HIGH This Week

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service Intrusion Prevention System
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2014-3408 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Optical
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-7874 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage Hp Ux
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5421 MEDIUM This Month

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pyxis Supplystation
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4833 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-7057 MEDIUM This Month

The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hong Kong Tatler Society
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7483 MEDIUM This Month

The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Desire2Learn Fusion 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7481 MEDIUM This Month

The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Etg Hosting
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7478 MEDIUM This Month

The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nashaplaneta Su
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7476 MEDIUM This Month

The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Healthy Lunch Diet Recipes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7475 MEDIUM This Month

The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ionic View
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7472 MEDIUM This Month

The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Csapp Colegio San Agustin
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7471 MEDIUM This Month

The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure International Arbitration Attorney Com
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7470 MEDIUM This Month

The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure I Know The Movie
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7469 MEDIUM This Month

The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Best Beginning
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7468 MEDIUM This Month

The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ag Klettern Odenwald
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7467 MEDIUM This Month

The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Honeybee Mag
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7466 MEDIUM This Month

The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Live Tv Browser
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7465 MEDIUM This Month

The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pc Advisor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7464 MEDIUM This Month

The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Magic Stamp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7463 MEDIUM This Month

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Im5 Fans Planet
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7462 MEDIUM This Month

The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fashion Story
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7461 MEDIUM This Month

The A King Sperm by Dr. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure A King Sperm By Dr Seema Rao
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7460 MEDIUM This Month

The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slots Heaven
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7459 MEDIUM This Month

The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Press Leader
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7458 MEDIUM This Month

The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bloomyou Valentine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7457 MEDIUM This Month

The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Electronics For You
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7456 MEDIUM This Month

The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Digit Magazine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7455 MEDIUM This Month

The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Zoella Unofficial
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7454 MEDIUM This Month

The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Detox Juicing Diet Recipes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7452 MEDIUM This Month

The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Shaklee Product Catalog
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7450 MEDIUM This Month

The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Allnurses
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7449 MEDIUM This Month

The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My Ngemc Account
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7448 MEDIUM This Month

The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dealside Institutional
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7447 MEDIUM This Month

The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dattch The Lesbian App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7446 MEDIUM This Month

The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bilingual Magic Ball
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7445 MEDIUM This Month

The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Legend Of Trance
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7444 MEDIUM This Month

The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Baidu Navigation
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7443 MEDIUM This Month

The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Face Fun Photo Collage Maker 2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7441 MEDIUM This Month

The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pakan Ken Tube
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7439 MEDIUM This Month

The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bene Odmeny A Slevy
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy