Skip to main content
CVE-2014-7086 MEDIUM This Month

The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Killer Screen Lock
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7085 MEDIUM This Month

The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure I Newspaper
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7082 MEDIUM This Month

The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure No Disturb
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7078 MEDIUM This Month

The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Payoneer Sign Up
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7077 MEDIUM This Month

The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gulf Coast Educators Fcu
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7076 MEDIUM This Month

The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sanctuary Asia
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7073 MEDIUM This Month

The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Andrew Magdy Kamal S Network
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7072 MEDIUM This Month

The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Venezia Map
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7071 MEDIUM This Month

The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Autocar India
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7069 MEDIUM This Month

The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aventino Brand
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7068 MEDIUM This Month

The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Neumann Student Activities
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7067 MEDIUM This Month

The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Btd5 Videos
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7066 MEDIUM This Month

The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Legalera
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7065 MEDIUM This Month

The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nigerias Business Directory
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7064 MEDIUM This Month

The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application 0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ben10 Omniverse Walkthrough
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7063 MEDIUM This Month

The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bikers Romagna
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7062 MEDIUM This Month

The Association Min Ajlik (aka com.association.min.ajlik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Association Min Ajlik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7061 MEDIUM This Month

The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Modsim World 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7060 MEDIUM This Month

The Your Tango (aka com.your.tango) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Your Tango
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7059 MEDIUM This Month

The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Thedevildoggamer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7058 MEDIUM This Month

The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Efendimizin Sunnetleri
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7055 MEDIUM This Month

The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ncci S Annual Issues Symposium
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7054 MEDIUM This Month

The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Musica De Barrios Sonideros
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7053 MEDIUM This Month

The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure City Star Me
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7191 MEDIUM PATCH This Month

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Node.js Node Js
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-5425 MEDIUM This Month

IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ioserver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3021 MEDIUM This Month

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3381 MEDIUM This Month

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Asyncos
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3568 MEDIUM This Month

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Authentication Bypass
NVD
CVSS 2.0
4.3
EPSS
3.5%
CVE-2014-5330 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Birdblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5331 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Aflax
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4830 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4825 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6116 MEDIUM This Month

The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4828 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2358 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fox Datadiode
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-5420 LOW Monitor

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Pyxis Supplystation
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6100 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Directory Server Tivoli Directory Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4838 LOW Monitor

Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tririga Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4837 LOW Monitor

Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tririga Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4836 LOW Monitor

Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tririga Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5423 LOW Monitor

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file. Rated low severity (CVSS 1.9). No vendor patch available.

Authentication Bypass Pyxis Supplystation
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4822 LOW Monitor

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Java Authentication Bypass Websphere Mq Websphere Mq Explorer
NVD
CVSS 2.0
1.9
EPSS
0.1%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy