Skip to main content
CVE-2014-7069 MEDIUM This Month

The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aventino Brand
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7068 MEDIUM This Month

The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Neumann Student Activities
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7067 MEDIUM This Month

The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Btd5 Videos
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7066 MEDIUM This Month

The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Legalera
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7065 MEDIUM This Month

The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nigerias Business Directory
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7064 MEDIUM This Month

The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application 0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ben10 Omniverse Walkthrough
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7063 MEDIUM This Month

The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bikers Romagna
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7062 MEDIUM This Month

The Association Min Ajlik (aka com.association.min.ajlik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Association Min Ajlik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7061 MEDIUM This Month

The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Modsim World 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7060 MEDIUM This Month

The Your Tango (aka com.your.tango) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Your Tango
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7059 MEDIUM This Month

The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Thedevildoggamer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7058 MEDIUM This Month

The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Efendimizin Sunnetleri
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7055 MEDIUM This Month

The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ncci S Annual Issues Symposium
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7054 MEDIUM This Month

The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Musica De Barrios Sonideros
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7053 MEDIUM This Month

The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure City Star Me
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7191 MEDIUM PATCH This Month

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Node.js Node Js
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-5425 MEDIUM This Month

IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ioserver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3021 MEDIUM This Month

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3381 MEDIUM This Month

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Asyncos
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3568 MEDIUM This Month

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Authentication Bypass
NVD
CVSS 2.0
4.3
EPSS
3.5%
CVE-2014-5330 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Birdblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5331 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Aflax
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4830 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4825 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6116 MEDIUM This Month

The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4828 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2358 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fox Datadiode
NVD
CVSS 2.0
4.3
EPSS
0.1%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy