Weekly Vulnerabilities Reports > September 15 to 21, 2014
Overview
214 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 159 products from 122 vendors, including Apple, Microsoft, Adobe, Advantech, and IBM. Vulnerabilities are notably categorized as "Cryptographic Issues", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Cross-site Scripting", and "Information Exposure".
- 86 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities have a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 203 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 69 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
18 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-19 | CVE-2014-4393 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. | 10.0 |
2014-09-19 | CVE-2014-4376 | Apple | IOAcceleratorFamily Arbitrary Code Execution vulnerability in Apple Mac OS X IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | 10.0 |
2014-09-17 | CVE-2014-0568 | Adobe Microsoft | Security Bypass vulnerability in Adobe Reader and Acrobat The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attack. | 10.0 |
2014-09-17 | CVE-2014-0567 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561. | 10.0 |
2014-09-17 | CVE-2014-0566 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565. | 10.0 |
2014-09-17 | CVE-2014-0565 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566. | 10.0 |
2014-09-17 | CVE-2014-0561 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567. | 10.0 |
2014-09-17 | CVE-2014-0560 | Adobe Apple Microsoft | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-09-19 | CVE-2014-4402 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |
2014-09-19 | CVE-2014-4390 | Apple | Improper Input Validation vulnerability in Apple mac OS X Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 9.3 |
2014-09-19 | CVE-2006-1318 | Microsoft | Code Injection vulnerability in Microsoft Office Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability." | 9.3 |
2014-09-18 | CVE-2014-4418 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | 9.3 |
2014-09-18 | CVE-2014-4405 | Apple | NULL Pointer Dereference Remote Code Execution vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | 9.3 |
2014-09-18 | CVE-2014-4389 | Apple | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | 9.3 |
2014-09-18 | CVE-2014-4388 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | 9.3 |
2014-09-18 | CVE-2014-4381 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | 9.3 |
2014-09-18 | CVE-2014-4380 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. | 9.3 |
2014-09-15 | CVE-2014-2375 | Ecava | Permissions, Privileges, and Access Controls vulnerability in Ecava Integraxor Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. | 9.0 |
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-17 | CVE-2014-4621 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 8.5 |
2014-09-18 | CVE-2014-4404 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. | 7.8 |
2014-09-18 | CVE-2014-4373 | Apple | NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS, mac OS X and Tvos The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | 7.8 |
2014-09-18 | CVE-2014-4369 | Apple | NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS and Tvos The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. | 7.8 |
2014-09-17 | CVE-2014-0563 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. | 7.8 |
2014-09-19 | CVE-2014-4424 | Apple | SQL Injection vulnerability in Apple OS X Server SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-09-15 | CVE-2014-2376 | Ecava | SQL Injection vulnerability in Ecava Integraxor SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-09-18 | CVE-2014-4375 | Apple | Local Memory Corruption vulnerability in Apple Iphone OS, mac OS X and Tvos Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. | 7.2 |
2014-09-18 | CVE-2014-4379 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. | 7.1 |
2014-09-17 | CVE-2014-4622 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 7.1 |
169 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-19 | CVE-2014-4416 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. | 6.9 |
2014-09-19 | CVE-2014-4401 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4400 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4399 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4398 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4397 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4396 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4395 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-19 | CVE-2014-4394 | Apple | Improper Input Validation vulnerability in Apple mac OS X An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 6.9 |
2014-09-18 | CVE-2014-4408 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | 6.9 |
2014-09-18 | CVE-2014-4368 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 6.9 |
2014-09-20 | CVE-2014-0992 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | 6.8 |
2014-09-20 | CVE-2014-0991 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. | 6.8 |
2014-09-20 | CVE-2014-0990 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. | 6.8 |
2014-09-20 | CVE-2014-0989 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. | 6.8 |
2014-09-20 | CVE-2014-0988 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. | 6.8 |
2014-09-20 | CVE-2014-0987 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. | 6.8 |
2014-09-20 | CVE-2014-0986 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. | 6.8 |
2014-09-20 | CVE-2014-0985 | Advantech | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. | 6.8 |
2014-09-19 | CVE-2014-4350 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. | 6.8 |
2014-09-19 | CVE-2014-1391 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. | 6.8 |
2014-09-18 | CVE-2014-4422 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 6.8 |
2014-09-18 | CVE-2014-4415 | Apple | Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4414 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4413 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4412 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4411 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4410 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
2014-09-18 | CVE-2014-4377 | Apple | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2014-09-18 | CVE-2014-2886 | Nongnu | Permissions, Privileges, and Access Controls vulnerability in Nongnu Gksu 2.0.2 GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. | 6.8 |
2014-09-15 | CVE-2014-0993 | Embarcadero | Buffer Errors vulnerability in Embarcadero products Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file. | 6.8 |
2014-09-18 | CVE-2014-4824 | IBM | SQL Injection vulnerability in IBM Qradar Security Information and Event Manager 7.2.0 SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2014-09-17 | CVE-2012-2956 | Spiceworks | SQL Injection vulnerability in Spiceworks 5.3.75941 SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. | 6.5 |
2014-09-17 | CVE-2012-1506 | Orangehrm | SQL Injection vulnerability in Orangehrm SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. | 6.5 |
2014-09-20 | CVE-2014-3379 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. | 6.1 |
2014-09-18 | CVE-2014-4378 | Apple | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | 5.8 |
2014-09-18 | CVE-2014-4354 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | 5.8 |
2014-09-20 | CVE-2014-5990 | Bookjam | Cryptographic Issues vulnerability in Bookjam Cookbible 1.0.0 The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5989 | Babydays | Cryptographic Issues vulnerability in Babydays Baby Days 1.5.8 The baby days (aka jp.co.cyberagent.babydays) application 1.5.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5988 | Getjar | Cryptographic Issues vulnerability in Getjar Azkend Gold 1.2.6 The Azkend Gold (aka com.the10tons.azkend.gold) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5987 | Three | Cryptographic Issues vulnerability in Three MY3 @7F0A0001 The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5986 | Puzzles AND Matchup Games Project | Cryptographic Issues vulnerability in Puzzles and Matchup Games Project Educational Puzzles - Letters 2.0 The Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5985 | Topappsbuilder Project | Cryptographic Issues vulnerability in Topappsbuilder Project Animal Kaiser Zangetsu 0.1 The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5981 | Moweather | Cryptographic Issues vulnerability in Moweather 1.40.05 The MoWeather (aka com.moji.moweather) application 1.40.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5980 | Genertel | Cryptographic Issues vulnerability in Genertel 2.6.0 The Genertel (aka com.genertel) application 2.6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5979 | Tvbengali | Cryptographic Issues vulnerability in Tvbengali TV Bengali Open Directory 1.4 The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5978 | Ipposan | Cryptographic Issues vulnerability in Ipposan Memetan 1.1.0 The memetan (aka memetan.android.com.activity) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5977 | Mobile Face Project | Cryptographic Issues vulnerability in Mobile Face Project Mobile Face 0.74.13432.91159 The Mobile Face (aka com.wFacemobile) application 0.74.13432.91159 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5976 | Alibaba | Cryptographic Issues vulnerability in Alibaba 4.1.0.0 The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5975 | Grabapp | Cryptographic Issues vulnerability in Grabapp Eponyms 3.2 The eponyms (aka com.anddeveloper.eponyms) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5974 | Psecu | Cryptographic Issues vulnerability in Psecu Mobile+ 2.2 The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5973 | Socialknowledge | Cryptographic Issues vulnerability in Socialknowledge Aquarium Advice 3.7.6 The Aquarium Advice (aka com.socialknowledge.aquariumadvice) application 3.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-5972 | Loving FM | Cryptographic Issues vulnerability in Loving.Fm Loving - Couple Essential 4.0.1 The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5970 | Babybus | Cryptographic Issues vulnerability in Babybus 3.91 The BabyBus (aka com.sinyee.babybus.concert.ru) application 3.91 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5969 | Healthylifestyle Project | Cryptographic Issues vulnerability in Healthylifestyle Project Healthylifestyle 1.2.2 The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5968 | Igolf | Cryptographic Issues vulnerability in Igolf - Golf GPS 20 The iGolf - Golf GPS (aka com.igolf) application 20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5967 | Decoracionesnailart | Cryptographic Issues vulnerability in Decoracionesnailart Designs Nail Arts 3.6.1 The Designs Nail Arts (aka com.decoracionesnailart.flickr) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5966 | Golauncher | Cryptographic Issues vulnerability in Golauncher Dreamland Super Theme GO Gold 1.0 The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme.dreamland.gold) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5965 | Groovemusic Project | Cryptographic Issues vulnerability in Groovemusic Project Groovemusic 2.0.0 The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5964 | Megabank | Cryptographic Issues vulnerability in Megabank 2.0 The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5963 | Corntree | Cryptographic Issues vulnerability in Corntree Halieutics 21.40.5 The Halieutics (aka com.corn.Halieutics) application 21.40.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5962 | Gamelikeapps | Cryptographic Issues vulnerability in Gamelikeapps Guess the Actor 1.1 The Guess The Actor (aka com.gamelikeinc.actors) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5961 | Hdcar | Cryptographic Issues vulnerability in Hdcar Russiananime 1 The russiananime (aka com.rareartifact.russiananime68A5CCFE) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5960 | KBV | Cryptographic Issues vulnerability in KBV Federal Doctors 1.0.1 The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5959 | Mytx | Cryptographic Issues vulnerability in Mytx TX Smart 7.05 The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-19 | CVE-2014-5958 | Chatbox | Cryptographic Issues vulnerability in Chatbox - Chat Rooms 2.5 The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5957 | Linkyungame | Cryptographic Issues vulnerability in Linkyungame Alien WAR Survivors 1.3.1 The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5956 | Vplayer | Cryptographic Issues vulnerability in Vplayer Video Player 3.2.6 The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5955 | Stephenvarga | Cryptographic Issues vulnerability in Stephenvarga Atomic Fusion 1.7 The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5954 | SBI | Cryptographic Issues vulnerability in SBI State Bank Anywhere 2.0.1 The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5953 | Kaskus | Cryptographic Issues vulnerability in Kaskus 2.13.0 The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5952 | Calarepasoftware | Cryptographic Issues vulnerability in Calarepasoftware E-Dziennik 0.5.2 The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5951 | Sinopac | Cryptographic Issues vulnerability in Sinopac 2.4.2 The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5950 | Smtown | Cryptographic Issues vulnerability in Smtown NOW 0.9.8 The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5949 | Mobileticketapp | Cryptographic Issues vulnerability in Mobileticketapp Ticket APP - Concerts & Sports 3.0.1 The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5948 | Barackobama | Cryptographic Issues vulnerability in Barackobama Obama for America 1.02 The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5947 | Psicofxp | Cryptographic Issues vulnerability in Psicofxp 2.4.12.15 The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5946 | Hawaaworld | Cryptographic Issues vulnerability in Hawaaworld Forumhawaaworldcom 3.4.12 The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application 3.4.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5945 | Edline Mobile Project | Cryptographic Issues vulnerability in Edline Mobile Project Edline Mobile 0.63.13369.34294 The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5944 | Jellyfisher | Cryptographic Issues vulnerability in Jellyfisher Soccer Blitz 1.06 The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5943 | Labmsf | Cryptographic Issues vulnerability in Labmsf Antivirus Beta 1.0.2 The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5942 | Baby Stomach Surgery Project | Cryptographic Issues vulnerability in Baby Stomach Surgery Project Baby Stomach Surgery 1.0.2 The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5941 | Armpit SPA Girl Games Project | Cryptographic Issues vulnerability in Armpit SPA & Girl Games Project Armpit SPA & Girl Games 1.0.2 The Armpit Spa & Girl Games (aka com.freegames.spamakeover) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5940 | Pocketpc | Cryptographic Issues vulnerability in Pocketpc Pocketpc.Ch 3.9.51 The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5939 | Travelzad | Cryptographic Issues vulnerability in Travelzad Travelzadcomvb 3.3.10 The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5938 | Alldealsasia | Cryptographic Issues vulnerability in Alldealsasia ALL Deals ADA APP 4.2.1 The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5937 | Freediyhomeimprovement | Cryptographic Issues vulnerability in Freediyhomeimprovement Social Networking 0.33.13320.99980 The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5936 | Incognito Private Browser Project | Cryptographic Issues vulnerability in Incognito Private Browser Project Incognito Private Browser 1.4.0 The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5935 | Daily Free APP Amazon Project | Cryptographic Issues vulnerability in Daily Free APP @ Amazon Project Daily Free APP @ Amazon 1.5.2 The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5934 | Skout | Cryptographic Issues vulnerability in Skout Flurv Chat 4.3.3 The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5933 | Cokestudio | Cryptographic Issues vulnerability in Cokestudio Cokestudio7 1 The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5932 | Vodafone | Cryptographic Issues vulnerability in Vodafone Mobile@Work 6.0.0.1.12R The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5931 | Stopandshop | Cryptographic Issues vulnerability in Stopandshop Stop & Shop Scan It! Mobile 7.21.00 The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5930 | Singtel | Cryptographic Issues vulnerability in Singtel Store and Share 2.0.18 The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5929 | Emart | Cryptographic Issues vulnerability in Emart Emartmall 1.3.3 The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5928 | Steganos | Cryptographic Issues vulnerability in Steganos Online Shield VPN 1.0.3 The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5927 | Fastcustomer | Cryptographic Issues vulnerability in Fastcustomer -- Fast Customer 3 The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5926 | DCU | Cryptographic Issues vulnerability in DCU Mobile Banking 2 The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5925 | Musicjustnow | Cryptographic Issues vulnerability in Musicjustnow 10000 Kindle Books Downloads 0.312 The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5924 | Bearhugmedia | Cryptographic Issues vulnerability in Bearhugmedia Monster Makeup 1.0.0.0 The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5923 | Statusvia | Cryptographic Issues vulnerability in Statusvia Facebook Status VIA 3.5 The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5922 | Ga6748 Project | Cryptographic Issues vulnerability in Ga6748 Project Ga6748 1 The ga6748 (aka com.g.ga6748) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5921 | EA | Cryptographic Issues vulnerability in EA Need for Speed Network 1.0.1 The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5920 | Amberfog | Cryptographic Issues vulnerability in Amberfog VK Amberfog 3.5.6 The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-18 | CVE-2014-5919 | Surdoc | Cryptographic Issues vulnerability in Surdoc - 100Gb+ Free Storage 1.3.4.0 The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5918 | Secretcircle | Cryptographic Issues vulnerability in Secretcircle Secret Circle - Talk Freely 2.2.00.26 The Secret Circle - talk freely (aka com.easyxapp.secret) application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5917 | Grassapper | Cryptographic Issues vulnerability in Grassapper Slideshow 365 3.6 The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5916 | OI | Cryptographic Issues vulnerability in OI Minha OI 1.15.0 The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5915 | Tigo | Cryptographic Issues vulnerability in Tigo Copa Mundial Fifa 2014 3.1 The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5914 | Finansbank | Cryptographic Issues vulnerability in Finansbank CEP Subesi 1.1.5 The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5913 | Game Lion | Cryptographic Issues vulnerability in Game-Lion Allies in WAR 1.3.2 The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5912 | Intsig | Cryptographic Issues vulnerability in Intsig Innote 1.0.3.20131119 The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5911 | Jellytap | Cryptographic Issues vulnerability in Jellytap Free APP Icons & Icon Packs 1.4 The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5910 | DOG Whistle Project | Cryptographic Issues vulnerability in DOG Whistle Project DOG Whistle 1.9 The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5909 | Watcha | Cryptographic Issues vulnerability in Watcha 2.0.2 The watcha (aka com.frograms.watcha) application 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5908 | Kmart | Cryptographic Issues vulnerability in Kmart @7F0C00Ef The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5907 | Libiitech | Cryptographic Issues vulnerability in Libiitech PET Salon 1.0.1 The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-17 | CVE-2014-5906 | Youngmoney | Cryptographic Issues vulnerability in Youngmoney LIL Wayne Slots: Free Slots 1.138 The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application 1.138 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5905 | Meucarrinho | Cryptographic Issues vulnerability in Meucarrinho Grocery List - Tomatoes 5.1.4 The Grocery List - Tomatoes (aka com.meucarrinho) application 5.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5904 | Miniinthebox | Cryptographic Issues vulnerability in Miniinthebox Online Shopping 2.0.0 The MiniInTheBox Online Shopping (aka com.miniinthebox.android) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5903 | Mobileiron | Cryptographic Issues vulnerability in Mobileiron Mobile@Work 6.0.0.1.12R The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5902 | Uacinemas | Cryptographic Issues vulnerability in Uacinemas UA Cinemas - Mobile Ticketing 2.9 The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5901 | Webelinx | Cryptographic Issues vulnerability in Webelinx Beauty Bible - APP for Girls 5 The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5900 | Myhomeworkapp | Cryptographic Issues vulnerability in Myhomeworkapp Myhomework Student Planner 3.0.2 The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5899 | Nespresso | Cryptographic Issues vulnerability in Nespresso 2.4.1 The Nespresso (aka com.nespresso.activities) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5898 | Heavy Duty Truck Driver Simulator 3D Project | Cryptographic Issues vulnerability in Heavy Duty Truck Driver Simulator 3D Project Heavy Duty Truck Driver Simulator 3D 1.0.5 The Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck.driver.simulator3d) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5897 | Parallelmafia | Cryptographic Issues vulnerability in Parallelmafia Parallel Mafia Mmorpg @7F070000 The Parallel Mafia MMORPG (aka com.perblue.pm.client) application @7F070000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5896 | Seawolftech | Cryptographic Issues vulnerability in Seawolftech Globaltalk- Free Phone Calls 2.1.4 The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5895 | Shopyourway | Cryptographic Issues vulnerability in Shopyourway 1.9 The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5894 | Pingshow | Cryptographic Issues vulnerability in Pingshow Airetalk Text Call & More! 2.0.73 The AireTalk: Text, Call, & More! (aka com.pingshow.amper) application 2.0.73 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5893 | Shinsegaemall | Cryptographic Issues vulnerability in Shinsegaemall Froyo 5.1.3 The froyo (aka com.shinsegae.mobile.froyo) application 5.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5892 | Olleh | Cryptographic Issues vulnerability in Olleh Greenbill 2.0.3 The greenbill (aka com.show.greenbill_G) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5891 | Snipsnap | Cryptographic Issues vulnerability in Snipsnap Coupon APP 1.1.11 The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5890 | Sports2I | Cryptographic Issues vulnerability in Sports2I KBO Sports2I 2014 5.1.00 The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-15 | CVE-2014-5889 | Androidforums | Cryptographic Issues vulnerability in Androidforums Forum for Android 2.4.4.9 The Android Forums (aka com.tapatalk.androidforumscom) application 2.4.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-20 | CVE-2014-3378 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | 5.0 |
2014-09-20 | CVE-2014-3376 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | 5.0 |
2014-09-19 | CVE-2014-3614 | Powerdns | Remote Denial of Service vulnerability in Powerdns Recursor 3.6.0 Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | 5.0 |
2014-09-18 | CVE-2014-5413 | Aveva Schneider Electric | Cryptographic Issues vulnerability in multiple products Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | 5.0 |
2014-09-18 | CVE-2014-5412 | Aveva Schneider Electric | Permissions, Privileges, and Access Controls vulnerability in multiple products Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | 5.0 |
2014-09-18 | CVE-2014-4374 | Apple | XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2014-09-18 | CVE-2014-4366 | Apple | Credentials Management vulnerability in Apple Iphone OS Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 5.0 |
2014-09-18 | CVE-2014-4363 | Apple | Credentials Management vulnerability in Apple Iphone OS and Safari Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 5.0 |
2014-09-18 | CVE-2014-4362 | Apple | Information Exposure vulnerability in Apple Iphone OS The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | 5.0 |
2014-09-18 | CVE-2014-4361 | Apple | Information Exposure vulnerability in Apple Iphone OS The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | 5.0 |
2014-09-15 | CVE-2014-3796 | Vmware | Improper Input Validation vulnerability in VMWare NSX and Vcloud Networking and Security VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2014-09-15 | CVE-2014-2377 | Ecava | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | 5.0 |
2014-09-15 | CVE-2014-5407 | Schneider Electric | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Vampset Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | 4.4 |
2014-09-20 | CVE-2014-3367 | Cisco | Cross-Site Scripting vulnerability in Cisco Nexus 1000V Intercloud Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. | 4.3 |
2014-09-19 | CVE-2012-2588 | Mailenable | Cross-Site Scripting vulnerability in Mailenable 6.5 Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. | 4.3 |
2014-09-19 | CVE-2014-4406 | Apple | Cross-Site Scripting vulnerability in Apple OS X Server Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-18 | CVE-2014-5317 | Php365 | Cross-Site Scripting vulnerability in PHP365 products Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-18 | CVE-2014-4826 | IBM | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.2.0 IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 4.3 |
2014-09-18 | CVE-2014-4820 | IBM | Cross-Site Scripting vulnerability in IBM Integration BUS Manufacturing Pack 1.0.0.0 Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-18 | CVE-2014-4423 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | 4.3 |
2014-09-18 | CVE-2014-4409 | Apple | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | 4.3 |
2014-09-18 | CVE-2014-4407 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | 4.3 |
2014-09-18 | CVE-2014-4383 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Tvos The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | 4.3 |
2014-09-18 | CVE-2014-4353 | Apple | Race Condition vulnerability in Apple Iphone OS Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | 4.3 |
2014-09-17 | CVE-2012-6658 | Spiceworks | Cross-Site Scripting vulnerability in Spiceworks 5.3.75941 Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. | 4.3 |
2014-09-17 | CVE-2014-5235 | Open Xchange | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | 4.3 |
2014-09-17 | CVE-2014-5234 | Open Xchange | Cross-Site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | 4.3 |
2014-09-17 | CVE-2012-2583 | Mini Mail Dashboard Widget Project | Cross-Site Scripting vulnerability in Mini Mail Dashboard Widget Project Mini Mail Dashboard Widget 1.42 Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | 4.3 |
2014-09-17 | CVE-2012-1507 | Orangehrm | Cross-Site Scripting vulnerability in Orangehrm Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php. | 4.3 |
2014-09-17 | CVE-2012-1032 | Siteseeker Episerver | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-17 | CVE-2014-0562 | Adobe Apple Microsoft | Cross-Site Scripting vulnerability in Adobe Acrobat and Acrobat Reader Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | 4.3 |
2014-09-20 | CVE-2014-3377 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | 4.0 |
2014-09-18 | CVE-2014-4819 | IBM | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. | 4.0 |
2014-09-15 | CVE-2014-3617 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | 4.0 |
17 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-18 | CVE-2014-4372 | Apple | Link Following vulnerability in Apple Iphone OS and Tvos syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | 3.6 |
2014-09-18 | CVE-2014-5411 | Aveva Schneider Electric | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-09-17 | CVE-2012-1417 | Yealink | Cross-Site Scripting vulnerability in Yealink products Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | 3.5 |
2014-09-15 | CVE-2014-4763 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-09-18 | CVE-2014-4364 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | 2.9 |
2014-09-19 | CVE-2014-4403 | Apple | Information Exposure vulnerability in Apple mac OS X The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | 2.1 |
2014-09-18 | CVE-2014-4367 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | 2.1 |
2014-09-18 | CVE-2014-4357 | Apple | Information Exposure vulnerability in Apple Iphone OS and Tvos Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | 2.1 |
2014-09-18 | CVE-2014-4356 | Apple | Information Exposure vulnerability in Apple Iphone OS Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | 2.1 |
2014-09-18 | CVE-2014-4352 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | 2.1 |
2014-09-15 | CVE-2014-3077 | IBM | Information Exposure vulnerability in IBM products IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. | 2.1 |
2014-09-18 | CVE-2014-4421 | Apple | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. | 1.9 |
2014-09-18 | CVE-2014-4420 | Apple | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. | 1.9 |
2014-09-18 | CVE-2014-4419 | Apple | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. | 1.9 |
2014-09-18 | CVE-2014-4386 | Apple | Race Condition vulnerability in Apple Iphone OS Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | 1.9 |
2014-09-18 | CVE-2014-4384 | Apple | Path Traversal vulnerability in Apple Iphone OS Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | 1.9 |
2014-09-18 | CVE-2014-4371 | Apple | Improper Initialization vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | 1.9 |