Weekly Vulnerabilities Reports > October 13 to 19, 2014
Overview
617 new vulnerabilities were reported during this period, including 32 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 495 products from 324 vendors, including Oracle, Magzter, Apple, Microsoft, and Mariadb. Vulnerabilities are notably categorized as "Cryptographic Issues", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".
- 263 reported vulnerabilities are remotely exploitable.
- 16 reported vulnerabilities have a public exploit available.
- 55 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 529 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
32 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-15 | CVE-2014-6513 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | 10.0 |
2014-10-15 | CVE-2014-4121 | Microsoft | Resource Management Errors vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability." | 10.0 |
2014-10-15 | CVE-2014-4073 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." | 10.0 |
2014-10-15 | CVE-2014-0564 | Adobe Opensuse Suse | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. | 10.0 |
2014-10-15 | CVE-2014-0558 | Adobe Apple Microsoft Linux | Code Injection vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. | 10.0 |
2014-10-13 | CVE-2014-7297 | Kriesi | Remote Security vulnerability in Enfold Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. | 10.0 |
2014-10-19 | CVE-2014-5422 | Carefusion | Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1 CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors. | 9.7 |
2014-10-15 | CVE-2014-6562 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 9.3 |
2014-10-15 | CVE-2014-6532 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. | 9.3 |
2014-10-15 | CVE-2014-6503 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. | 9.3 |
2014-10-15 | CVE-2014-6485 | Oracle | Unspecified vulnerability in Oracle JRE 1.8.0 Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 9.3 |
2014-10-15 | CVE-2014-6456 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 9.3 |
2014-10-15 | CVE-2014-2927 | F5 | Improper Authentication vulnerability in F5 products The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. | 9.3 |
2014-10-15 | CVE-2014-4141 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4138 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132. | 9.3 |
2014-10-15 | CVE-2014-4137 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4133. | 9.3 |
2014-10-15 | CVE-2014-4134 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4133 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4137. | 9.3 |
2014-10-15 | CVE-2014-4132 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4138. | 9.3 |
2014-10-15 | CVE-2014-4130 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138. | 9.3 |
2014-10-15 | CVE-2014-4129 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4128 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4127 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4126 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4117 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-0569 | Adobe Opensuse Suse | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2014-10-15 | CVE-2014-6560 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545. | 9.0 |
2014-10-15 | CVE-2014-6546 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2014-10-15 | CVE-2014-6545 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560. | 9.0 |
2014-10-15 | CVE-2014-6467 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560. | 9.0 |
2014-10-15 | CVE-2014-6455 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2014-10-15 | CVE-2014-6453 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560. | 9.0 |
40 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-15 | CVE-2014-4148 | Microsoft | Code Injection vulnerability in Microsoft products win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | 8.8 |
2014-10-15 | CVE-2014-4123 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. | 8.8 |
2014-10-19 | CVE-2014-3397 | Cisco | Resource Management Errors vulnerability in Cisco Telepresence MCU Software The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. | 7.8 |
2014-10-19 | CVE-2014-3368 | Cisco | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. | 7.8 |
2014-10-18 | CVE-2014-4443 | Apple | Improper Input Validation vulnerability in Apple mac OS X Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data. | 7.8 |
2014-10-15 | CVE-2014-6508 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). | 7.8 |
2014-10-15 | CVE-2014-4114 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability." | 7.8 |
2014-10-15 | CVE-2014-4113 | Microsoft | Unspecified vulnerability in Microsoft products win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." | 7.8 |
2014-10-14 | CVE-2014-6380 | Juniper | Denial of Service vulnerability in Juniper Junos Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver bock and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets. | 7.8 |
2014-10-14 | CVE-2014-6378 | Juniper | Resource Management Errors vulnerability in Juniper Junos Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message. | 7.8 |
2014-10-14 | CVE-2014-6377 | Juniper | Resource Management Errors vulnerability in Juniper Junos E Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8. | 7.8 |
2014-10-14 | CVE-2014-3818 | Juniper | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Junos Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE. | 7.8 |
2014-10-15 | CVE-2014-6493 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. | 7.6 |
2014-10-15 | CVE-2014-6492 | Oracle Mozilla | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 7.6 |
2014-10-15 | CVE-2014-4288 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. | 7.6 |
2014-10-19 | CVE-2014-4840 | IBM | Improper Input Validation vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | 7.5 |
2014-10-18 | CVE-2014-4427 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | 7.5 |
2014-10-17 | CVE-2014-2063 | Jenkins | Unspecified vulnerability in Jenkins Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 7.5 |
2014-10-16 | CVE-2014-8306 | C97 | SQL Injection vulnerability in C97 Cart Engine 3.0 SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | 7.5 |
2014-10-16 | CVE-2014-8240 | Tigervnc | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tigervnc Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. | 7.5 |
2014-10-16 | CVE-2014-3666 | Redhat Jenkins | Code Injection vulnerability in multiple products Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | 7.5 |
2014-10-16 | CVE-2014-3704 | Drupal Debian | SQL Injection vulnerability in multiple products The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. | 7.5 |
2014-10-15 | CVE-2014-6500 | Oracle Juniper Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491. | 7.5 |
2014-10-15 | CVE-2014-6491 | Oracle Juniper Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. | 7.5 |
2014-10-15 | CVE-2014-4278 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms. | 7.5 |
2014-10-15 | CVE-2014-4276 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). | 7.5 |
2014-10-15 | CVE-2014-8295 | Bacula | SQL Injection vulnerability in Bacula Bacula-Web 5.2.10 SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | 7.5 |
2014-10-15 | CVE-2014-8294 | PHP Resource | SQL Injection vulnerability in PHP Resource Voice of web Allmyguests 0.4.1 Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | 7.5 |
2014-10-15 | CVE-2014-1575 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. | 7.5 |
2014-10-14 | CVE-2014-8766 | Allomani | SQL Injection vulnerability in Allomani Weblinks 1.0 Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php. | 7.5 |
2014-10-14 | CVE-2014-6379 | Juniper | Improper Authentication vulnerability in Juniper Junos Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors. | 7.5 |
2014-10-18 | CVE-2014-4433 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. | 7.2 |
2014-10-15 | CVE-2014-6473 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. | 7.2 |
2014-10-15 | CVE-2014-4282 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. | 7.2 |
2014-10-15 | CVE-2014-4115 | Microsoft | Resource Management Errors vulnerability in Microsoft products fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability." | 7.2 |
2014-10-19 | CVE-2014-3406 | Cisco | Race Condition vulnerability in Cisco Intrusion Prevention System Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085. | 7.1 |
2014-10-19 | CVE-2014-3370 | Cisco | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447. | 7.1 |
2014-10-19 | CVE-2014-3369 | Cisco | Resource Management Errors vulnerability in Cisco products The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252. | 7.1 |
2014-10-16 | CVE-2014-8310 | SAP | Improper Input Validation vulnerability in SAP Businessobjects 4.0 The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | 7.1 |
2014-10-15 | CVE-2014-2022 | Vbulletin | SQL Injection vulnerability in Vbulletin SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | 7.1 |
503 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-18 | CVE-2014-4438 | Apple | Race Condition vulnerability in Apple mac OS X Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. | 6.9 |
2014-10-15 | CVE-2014-6466 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 6.9 |
2014-10-15 | CVE-2014-6458 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 6.9 |
2014-10-19 | CVE-2014-7874 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Hp-Ux and System Management Homepage Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-10-19 | CVE-2014-5421 | Carefusion | Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1 CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access. | 6.8 |
2014-10-19 | CVE-2014-3408 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Optical 10.0 Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763. | 6.8 |
2014-10-19 | CVE-2014-2358 | FOX IT | Cross-Site Request Forgery (CSRF) vulnerability in Fox-It FOX Datadiode 1.7.1 Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | 6.8 |
2014-10-18 | CVE-2014-4441 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | 6.8 |
2014-10-18 | CVE-2014-4437 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | 6.8 |
2014-10-18 | CVE-2014-4391 | Apple | Cryptographic Issues vulnerability in Apple mac OS X The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. | 6.8 |
2014-10-18 | CVE-2014-4351 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. | 6.8 |
2014-10-17 | CVE-2014-2559 | Twitget Project | Cross-Site Request Forgery (CSRF) vulnerability in Twitget Project Twitget 3.3.1 Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php. | 6.8 |
2014-10-17 | CVE-2014-8756 | Panasonic | Unspecified vulnerability in Panasonic Network Camera Recorder Firmware The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. | 6.8 |
2014-10-17 | CVE-2014-8755 | Panasonic | Improper Input Validation vulnerability in Panasonic Network Camera View 3.0/4.0 Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." | 6.8 |
2014-10-17 | CVE-2014-8074 | Foxitsoftware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxitsoftware Foxit PDF SDK Activex Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables. | 6.8 |
2014-10-17 | CVE-2014-2066 | Jenkins | Improper Authentication vulnerability in Jenkins Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | 6.8 |
2014-10-16 | CVE-2014-7237 | Twiki Microsoft | Permissions, Privileges, and Access Controls vulnerability in multiple products lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code. | 6.8 |
2014-10-16 | CVE-2014-3686 | W1 FI Canonical Debian | Improper Input Validation vulnerability in multiple products wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | 6.8 |
2014-10-15 | CVE-2014-6533 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite 6.1.0/6.2.0 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 6.8 |
2014-10-15 | CVE-2014-6529 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. | 6.8 |
2014-10-15 | CVE-2014-6506 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 6.8 |
2014-10-15 | CVE-2014-6499 | Oracle | Remote Security vulnerability in Oracle WebLogic Server Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector. | 6.8 |
2014-10-15 | CVE-2014-6470 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. | 6.8 |
2014-10-15 | CVE-2014-6469 | Mariadb Oracle Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. | 6.8 |
2014-10-15 | CVE-2014-6468 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 6.8 |
2014-10-15 | CVE-2014-2576 | Claws Mail Opensuse | Cryptographic Issues vulnerability in multiple products plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | 6.8 |
2014-10-15 | CVE-2014-4124 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123. | 6.8 |
2014-10-15 | CVE-2014-0570 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Coldfusion Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-10-14 | CVE-2014-8070 | Yootheme | Unspecified vulnerability in Yootheme Pagekit 0.8.7 Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout. | 6.8 |
2014-10-14 | CVE-2014-3825 | Juniper | Improper Input Validation vulnerability in Juniper products The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. | 6.8 |
2014-10-19 | CVE-2014-4833 | IBM | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | 6.5 |
2014-10-17 | CVE-2014-6283 | Sybase | Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7 SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors. | 6.5 |
2014-10-17 | CVE-2014-2062 | Jenkins | Improper Authentication vulnerability in Jenkins Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | 6.5 |
2014-10-17 | CVE-2014-2058 | Jenkins | Permissions, Privileges, and Access Controls vulnerability in Jenkins BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. | 6.5 |
2014-10-15 | CVE-2014-6555 | Mariadb Oracle Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | 6.5 |
2014-10-15 | CVE-2014-6537 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2014-10-15 | CVE-2014-6530 | Oracle Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP. | 6.5 |
2014-10-15 | CVE-2014-8750 | Openstack | Race Condition vulnerability in Openstack Nova Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances. | 6.5 |
2014-10-17 | CVE-2014-2279 | Seeddms | Path Traversal vulnerability in Seeddms Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. | 6.4 |
2014-10-16 | CVE-2014-8305 | C97 | Remote Security vulnerability in C97 Cart Engine 3.0 Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php. | 6.4 |
2014-10-15 | CVE-2014-6553 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.7.0 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console. | 6.4 |
2014-10-15 | CVE-2014-6465 | Oracle | Remote Security vulnerability in Oracle Communications Applications Scx640M5 Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept. | 6.3 |
2014-10-16 | CVE-2014-8313 | SAP | Code Injection vulnerability in SAP Hana Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | 6.0 |
2014-10-15 | CVE-2014-6483 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.0 |
2014-10-15 | CVE-2014-6535 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY. | 5.8 |
2014-10-15 | CVE-2014-6554 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.1.0/11.1.2.2.0 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console. | 5.5 |
2014-10-15 | CVE-2014-6489 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. | 5.5 |
2014-10-19 | CVE-2014-7483 | Desire2Learn Fusion 2014 Project | Cryptographic Issues vulnerability in Desire2Learn Fusion 2014 Project Desire2Learn Fusion 2014 4.0.729.1748 The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7481 | Etghosting | Cryptographic Issues vulnerability in Etghosting ETG Hosting 2 The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7478 | Nashaplaneta | Cryptographic Issues vulnerability in Nashaplaneta Nashaplaneta.Su 1.02 The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7476 | Androidebookapp | Cryptographic Issues vulnerability in Androidebookapp Healthy Lunch Diet Recipes 3.6.1 The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7475 | Drifty | Cryptographic Issues vulnerability in Drifty Ionic View 0.0.2 The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7472 | Mascov | Cryptographic Issues vulnerability in Mascov Csapp - Colegio SAN Agustin 1 The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7471 | International Arbitration Attorney | Cryptographic Issues vulnerability in International-Arbitration-Attorney International-Arbitration-Attorney.Com 0.1 The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7470 | Jogoeusei | Cryptographic Issues vulnerability in Jogoeusei I Know the Movie 1.1 The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7469 | Best Beginning Project | Cryptographic Issues vulnerability in Best Beginning Project Best Beginning 2.0 The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7468 | AG Klettern Odenwald | Cryptographic Issues vulnerability in Ag-Klettern-Odenwald AG Klettern Odenwald 1.2 The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7467 | Magzter | Cryptographic Issues vulnerability in Magzter Honeybee MAG 3 The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7466 | Live TV Browser Project | Cryptographic Issues vulnerability in Live TV Browser Project Live TV Browser 2 The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7465 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags PC Advisor @7F08017A The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7464 | Magicstamp | Cryptographic Issues vulnerability in Magicstamp Magic Stamp 2.8 The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7463 | IM5 Fans Planet Project | Cryptographic Issues vulnerability in IM5 Fans Planet Project IM5 Fans Planet 2.3.1 The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7462 | Teamlava | Cryptographic Issues vulnerability in Teamlava Fashion Story: Neon 90'S 1.5.6.5 The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7461 | Teknopoint | Cryptographic Issues vulnerability in Teknopoint A King Sperm BY DR. Seema RAO 0.63.13384.23020 The A King Sperm by Dr. | 5.4 |
2014-10-19 | CVE-2014-7460 | Superluckycasino | Cryptographic Issues vulnerability in Superluckycasino Slots Heaven:Free Slot Machine 1.123 The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7459 | Civitasmedia | Cryptographic Issues vulnerability in Civitasmedia Press-Leader 1.0011.B0011 The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7458 | Bloomyou | Cryptographic Issues vulnerability in Bloomyou Valentine 2.4 The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7457 | Magzter | Cryptographic Issues vulnerability in Magzter Electronics for YOU 3.02 The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7456 | Magzter | Cryptographic Issues vulnerability in Magzter Digit Magazine 3.01 The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7455 | Automon | Cryptographic Issues vulnerability in Automon Zoella Unofficial 1.4.0.5 The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7454 | Mbtcreations | Cryptographic Issues vulnerability in Mbtcreations Detox Juicing Diet Recipes 1.1 The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7452 | Shaklee Product Catalog Project | Cryptographic Issues vulnerability in Shaklee Product Catalog Project Shaklee Product Catalog 2 The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7450 | Allnurses | Cryptographic Issues vulnerability in Allnurses 3.4.10 The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7449 | Ngemc | Cryptographic Issues vulnerability in Ngemc MY Ngemc Account 1.153.0034 The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7448 | Magzter | Cryptographic Issues vulnerability in Magzter Dealside Institutional 3.1 The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7447 | Dattch | Cryptographic Issues vulnerability in Dattch - the Lesbian APP 0.3 The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7446 | Bilingual Magic Ball Project | Cryptographic Issues vulnerability in Bilingual Magic Ball Project Bilingual Magic Ball 0.1 The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7445 | Jowangel | Cryptographic Issues vulnerability in Jowangel Legend of Trance 1 The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7444 | Baidu | Cryptographic Issues vulnerability in Baidu Navigation 3.5.0 The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7443 | Face FUN Photo Collage Maker Project | Cryptographic Issues vulnerability in Face FUN Photo Collage Maker Project Face FUN Photo Collage Maker 2 1.3.0 The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7441 | Pakan KEN Tube Project | Cryptographic Issues vulnerability in Pakan KEN Tube Project Pakan KEN Tube 0.1 The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7439 | Beneplus | Cryptographic Issues vulnerability in Beneplus Bene+ Odmeny A Slevy 1.2.3 The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7437 | Love Horoscope Guide Project | Cryptographic Issues vulnerability in Love Horoscope Guide Project Love Horoscope Guide 1 The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7436 | SOS Recette Project | Cryptographic Issues vulnerability in SOS Recette Project SOS Recette 1 The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7435 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps AJD Bail Bonds 1.1 The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7434 | RTS | Cryptographic Issues vulnerability in RTS Rtsinfo 1.4.8 The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7433 | Hioa | Cryptographic Issues vulnerability in Hioa Student ID 1.2 The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7432 | Rama Palaniappan | Cryptographic Issues vulnerability in Rama-Palaniappan Calculatorapp 4 The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7431 | Standardchartered | Cryptographic Issues vulnerability in Standardchartered Breeze Jersey 1 The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7430 | Flood IT Project | Cryptographic Issues vulnerability in Flood-It Project Flood-It 4.2 The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7428 | 7725 | Cryptographic Issues vulnerability in 7725 7725.Com Three Kingdoms 2.4 The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7427 | Hunting Trophy Whitetails Project | Cryptographic Issues vulnerability in Hunting Trophy Whitetails Project Hunting Trophy Whitetails 0.75.13441.88885 The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application 0.75.13441.88885 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7425 | Doodlegod | Cryptographic Issues vulnerability in Doodlegod Doodle Devil Free 2.1.4 The Doodle Devil Free (aka com.joybits.doodledevil_free) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7424 | Quranedu | Cryptographic Issues vulnerability in Quranedu Quran ABU Bakr Ashshatiri Free 1 The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7423 | Magzter | Cryptographic Issues vulnerability in Magzter Youth Incorporated 3 The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7422 | Homerelectric | Cryptographic Issues vulnerability in Homerelectric HEA Mobile 1.153.0034 The HEA Mobile (aka com.homerelectric.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7421 | Mytoursapp | Cryptographic Issues vulnerability in Mytoursapp Revel in the Rideau Lakes 1.0.6 The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7420 | Magzter | Cryptographic Issues vulnerability in Magzter Just Bureaucracy 3.0.1 The Just Bureaucracy (aka com.magzter.justbureaucracy) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7419 | Pokecreator | Cryptographic Issues vulnerability in Pokecreator Lite 1.1 The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7418 | Magzter | Cryptographic Issues vulnerability in Magzter BBC Knowledge Magazine 3.01 The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7417 | Realacademiabellasartessanfernando | Cryptographic Issues vulnerability in Realacademiabellasartessanfernando Real Academia DE Bellas Artes 1 The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7416 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Craft Stamper Magazine @7F080183 The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7415 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Asylum! 3.3.10 The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7414 | Magzter | Cryptographic Issues vulnerability in Magzter Cleo Malaysia 3.01 The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7413 | Nakodabhairav | Cryptographic Issues vulnerability in Nakodabhairav Rajendra Suriji 1.1 The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7410 | Aliakay | Cryptographic Issues vulnerability in Aliakay Aptallik Testi 4 The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7409 | Djogjahotel | Cryptographic Issues vulnerability in Djogjahotel Liburan Hemat 1 The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7408 | Garyjohnson2012 | Cryptographic Issues vulnerability in Garyjohnson2012 Gary Johnson for President '12 0.75.13439.53899 The Gary Johnson for President '12 (aka com.GaryJohnson2012) application 0.75.13439.53899 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7407 | Mygamedaytix | Cryptographic Issues vulnerability in Mygamedaytix Game DAY TIX 2.4 The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7406 | Deakin | Cryptographic Issues vulnerability in Deakin University 1.1.729.1694 The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7405 | Appbasedtechnologies | Cryptographic Issues vulnerability in Appbasedtechnologies Belaire Family Orthodontics 1.304 The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7403 | Nzhondas | Cryptographic Issues vulnerability in Nzhondas Nzhondas.Com 3.6.14 The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7402 | Encardirect | Cryptographic Issues vulnerability in Encardirect SK Encar @7F050000 The SK encar (aka com.encardirect.app) application @7F050000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7399 | Susanglathar | Cryptographic Issues vulnerability in Susanglathar Suzanne Glathar 1.399 The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7398 | Buronya | Cryptographic Issues vulnerability in Buronya DIL Bilgisi Kurallari 1 The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7397 | Byfes | Cryptographic Issues vulnerability in Byfes Ileri Gazetesi - Yozgat 1 The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7396 | Pocketknife Bravo Super Project | Cryptographic Issues vulnerability in Pocketknife Bravo Super Project Pocketknife Bravo Super 0.54.13345.33028 The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application 0.54.13345.33028 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7395 | Usfbcm | Cryptographic Issues vulnerability in Usfbcm USF BCM 252847 The USF BCM (aka com.appmakr.app193115) application 252847 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7394 | Alaaliwat | Cryptographic Issues vulnerability in Alaaliwat Www.Alaaliwat.Com 4.9 The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7393 | Mbtcreations | Cryptographic Issues vulnerability in Mbtcreations 100 Beauty Tips 1.1 The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7392 | Avto Russia | Cryptographic Issues vulnerability in Avto-Russia Russian Federation Traffic Rules 1.21 The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7391 | Pintsized | Cryptographic Issues vulnerability in Pintsized Synx Addictive Puzzle Game 1 The Synx addictive puzzle game (aka us.synx.mobile.play) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7390 | Tabtale | Cryptographic Issues vulnerability in Tabtale Enchanted Fashion Crush 1.0.0 The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7389 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Amnesia Groove 3.2.3 The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7388 | Magzter | Cryptographic Issues vulnerability in Magzter Sunday Indian Oriya 3.0.1 The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7387 | Accadvocacy | Cryptographic Issues vulnerability in Accadvocacy ACC Advocacy Action 2 The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7385 | Aperturemobilemedia | Cryptographic Issues vulnerability in Aperturemobilemedia Aperture Mobile Media 1.404 The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7384 | Userfriendlymedia | Cryptographic Issues vulnerability in Userfriendlymedia Joe's Lawn Service 1.5 The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7382 | Alternative Connection Project | Cryptographic Issues vulnerability in Alternative Connection Project Alternative Connection 0.1 The Alternative Connection (aka com.wAlternativeConnection) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7380 | Apps2You | Cryptographic Issues vulnerability in Apps2You Cedar Kiosk 1.1 The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7379 | Eigenwinkelapp | Cryptographic Issues vulnerability in Eigenwinkelapp Kiddie Kinderschoenen 1 The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7378 | Jobranco Project | Cryptographic Issues vulnerability in Jobranco Project Jobranco 1.1 The Jobranco (aka com.jobranco) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7376 | Facebook Profits ON Steroids Project | Cryptographic Issues vulnerability in Facebook Profits ON Steroids Project Facebook Profits ON Steroids 0.1 The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7375 | Mobileappcity | Cryptographic Issues vulnerability in Mobileappcity Childcare 1.399 The Childcare (aka com.app_macchildcare.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7374 | Narr8 | Cryptographic Issues vulnerability in Narr8 Spin - Motion Comic 2.1.7 The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7373 | Magzter | Cryptographic Issues vulnerability in Magzter Inspire Weddings 3 The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7372 | Kellygerards | Cryptographic Issues vulnerability in Kellygerards Mr.Sausage 1.301 The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7371 | Appearingbusiness | Cryptographic Issues vulnerability in Appearingbusiness Magic Balloonman Marty Boone 1.4 The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7370 | Mobleeps | Cryptographic Issues vulnerability in Mobleeps JOB Mobleeps 0.1 The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7369 | Galsila | Cryptographic Issues vulnerability in Galsila IL Brillo Parlante 0.1 The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7368 | Creatingahaven | Cryptographic Issues vulnerability in Creatingahaven Compassion Satisfaction 0.75.13440.35155 The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7367 | TUS Radis | Cryptographic Issues vulnerability in Tus-Radis TUS 1947 Radis 1 The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7366 | Magzter | Cryptographic Issues vulnerability in Magzter Identity 3.01 The Identity (aka com.magzter.identity) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7364 | Promotionalshop | Cryptographic Issues vulnerability in Promotionalshop Promotional Items 0.1 The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7362 | Naranjascontocados | Cryptographic Issues vulnerability in Naranjascontocados Naranjas CON Tocados 0.1 The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7361 | Emunching | Cryptographic Issues vulnerability in Emunching Harry's PUB 1.0.0 The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7360 | Health | Cryptographic Issues vulnerability in Health HOW TO Boil Eggs 251333 The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7359 | Elsio | Cryptographic Issues vulnerability in Elsio Mapa DA Mina 0.1 The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7358 | Concursive | Cryptographic Issues vulnerability in Concursive Vermont Powder 4.1 The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7357 | Bfac | Cryptographic Issues vulnerability in Bfac Grandparenting IS Great 1.4 The Grandparenting is Great (aka com.app_gig.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7354 | Magzter | Cryptographic Issues vulnerability in Magzter Penumbra Emag 3 The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7353 | Jazan 24 Project | Cryptographic Issues vulnerability in Jazan 24 Project Jazan 24 1 The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7352 | India S Anthem Project | Cryptographic Issues vulnerability in India's Anthem Project India's Anthem 1 The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7351 | Magzter | Cryptographic Issues vulnerability in Magzter Global Movie Magazine 3 The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7348 | Magzter | Cryptographic Issues vulnerability in Magzter HOT Cars 3 The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7346 | Magzter | Cryptographic Issues vulnerability in Magzter Bespoke 3 The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7345 | Diychatroom | Cryptographic Issues vulnerability in Diychatroom 3.4.0 The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7344 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Classic Arms & Militaria @7F080193 The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7342 | Echonewshk | Cryptographic Issues vulnerability in Echonewshk Echo News Beta The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7341 | Sasync | Cryptographic Issues vulnerability in Sasync 1.2.0 The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7340 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags OLD Bike Mart @7F08017E The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F08017E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7339 | Makeitpossible | Cryptographic Issues vulnerability in Makeitpossible Cuanto Conoces A UN Amigo 2 The Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7338 | Faailkhair | Cryptographic Issues vulnerability in Faailkhair 1 The faailkhair (aka com.faailkhair.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7337 | Estateapps | Cryptographic Issues vulnerability in Estateapps Acorn Estate Agents 3.1 The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7336 | Princetoncorporatesolutions | Cryptographic Issues vulnerability in Princetoncorporatesolutions Taking Your Company Public 1.28.44.441 The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application 1.28.44.441 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7335 | NYC | Cryptographic Issues vulnerability in NYC Liver Health - Hepatitis C 2.0.0 The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7334 | Magzter | Cryptographic Issues vulnerability in Magzter Where Dallas 3.0.2 The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7333 | Qmania | Cryptographic Issues vulnerability in Qmania Aloha Guide 1.3 The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7331 | Todaysseniorsnetwork | Cryptographic Issues vulnerability in Todaysseniorsnetwork 0.21.13245.84038 The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0.21.13245.84038 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7330 | Xtendcu | Cryptographic Issues vulnerability in Xtendcu Mobile 1.0.28 The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7329 | Digifi | Cryptographic Issues vulnerability in Digifi Motoring Classics 1.8.6 The Motoring Classics (aka com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7328 | Brainabundance | Cryptographic Issues vulnerability in Brainabundance Brain Abundance Info 0.1 The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7327 | Magzter | Cryptographic Issues vulnerability in Magzter Macau Business 3 The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7326 | En2Grate | Cryptographic Issues vulnerability in En2Grate ETA Mobile 1.6.6 The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7325 | Magzter | Cryptographic Issues vulnerability in Magzter Business Intelligence 3 The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7323 | Magzter | Cryptographic Issues vulnerability in Magzter Dignity Dialogue 3 The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7321 | Offertaviaggi | Cryptographic Issues vulnerability in Offertaviaggi Firenze MAP 0.1 The Firenze map (aka com.wFirenzemap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7320 | Shirakaba Project | Cryptographic Issues vulnerability in Shirakaba Project Shirakaba 1 The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7317 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Aloha Bail Bonds 1.1 The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7316 | Synrevoice | Cryptographic Issues vulnerability in Synrevoice Safe Arrival 1.2 The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7315 | Magzter | Cryptographic Issues vulnerability in Magzter Where Atlanta 3.0.2 The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7314 | Magzter | Cryptographic Issues vulnerability in Magzter Intelligent SME 3 The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7313 | ONE YOU Fitness Project | Cryptographic Issues vulnerability in ONE YOU Fitness Project ONE YOU Fitness 1.399 The One You Fitness (aka com.app_oneyou.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7310 | ALI Visual Project | Cryptographic Issues vulnerability in ALI Visual Project ALI Visual 1 The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7309 | Where2Stop | Cryptographic Issues vulnerability in Where2Stop Where2Stop-Cardlocks-Free 6.1 The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application 6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7307 | Forosocuellamos | Cryptographic Issues vulnerability in Forosocuellamos 1.1 The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7135 | Ayuntamientodecoana | Cryptographic Issues vulnerability in Ayuntamientodecoana Ayuntamiento DE Coana 0.2 The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7134 | Skydreams | Cryptographic Issues vulnerability in Skydreams Prof. Usman ALI Awheela 2.1 The PROF. | 5.4 |
2014-10-19 | CVE-2014-7132 | Jambatan PBB Semporna Project | Cryptographic Issues vulnerability in Jambatan PBB Semporna Project Jambatan PBB Semporna 13523.82613 The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7131 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Digital Content Newfronts 2014 6.0.7.6 The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7129 | Gannett | Cryptographic Issues vulnerability in Gannett Argus Leader Print Edition 6.7 The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7128 | Toyotaownersclub | Cryptographic Issues vulnerability in Toyotaownersclub Toyota OC 3.6.1 The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7127 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Football Espana Magazine @7F0801Aa The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7125 | Magzter | Cryptographic Issues vulnerability in Magzter Motor 3 The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7124 | Consulo | Cryptographic Issues vulnerability in Consulo IP Alarm 1.4 The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7123 | Vbwebdesigner | Cryptographic Issues vulnerability in Vbwebdesigner Brevir Harian V2 2 The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7122 | Gannett | Cryptographic Issues vulnerability in Gannett Lansing State Journal Print 6.7 The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7121 | Magzter | Cryptographic Issues vulnerability in Magzter Dhanam 3.1 The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7120 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Model Laboratory @7F080193 The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7119 | Ecolehoangnam | Cryptographic Issues vulnerability in Ecolehoangnam Gnam 2013 1 The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7118 | Itography | Cryptographic Issues vulnerability in Itography Item Hunt 3.0.3 The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7117 | Forestarea | Cryptographic Issues vulnerability in Forestarea Forest Area FCU Mobile 1.0.29 The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7116 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags NRA Journal @7F080181 The NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7115 | Mailgod | Cryptographic Issues vulnerability in Mailgod Letters TO GOD - Soc. Network 0.1 The Letters to God - soc. | 5.4 |
2014-10-19 | CVE-2014-7113 | Nasa Universe Wallpapers Xeus Project | Cryptographic Issues vulnerability in Nasa Universe Wallpapers Xeus Project Nasa Universe Wallpapers Xeus 1 The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7111 | Android Excellence Project | Cryptographic Issues vulnerability in Android Excellence Project Android Excellence 1.4.1 The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7109 | Nesvarnik | Cryptographic Issues vulnerability in Nesvarnik 1 The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7108 | Appbelle | Cryptographic Issues vulnerability in Appbelle Stop Headaches and Migraines 1.2 The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7100 | Sm3Ny | Cryptographic Issues vulnerability in Sm3Ny Www.Sm3Ny.Com 1 The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7084 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity Hesheng 80 3.0.2 The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7083 | Jiujik | Cryptographic Issues vulnerability in Jiujik JIU JIK 1.4.0 The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7080 | Sigong Ebook Project | Cryptographic Issues vulnerability in Sigong Ebook Project Sigong Ebook 1.0.0 The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7079 | Cybird | Cryptographic Issues vulnerability in Cybird Romeo and Juliet 1.0.6 The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7075 | Happycloud | Cryptographic Issues vulnerability in Happycloud Happy 2 The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7070 | AIR WAR Hero Project | Cryptographic Issues vulnerability in AIR WAR Hero Project AIR WAR Hero 3 The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7056 | Yeast Infection Project | Cryptographic Issues vulnerability in Yeast Infection Project Yeast Infection 0.1 The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7052 | CWS | Cryptographic Issues vulnerability in CWS Sahab-Alkher.Com 2.4.9.7 The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7107 | Magzter | Cryptographic Issues vulnerability in Magzter Human Factor 3.01 The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7106 | PP Solution | Cryptographic Issues vulnerability in Pp-Solution Orakel-Ball 0.2 The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7104 | Johtru | Cryptographic Issues vulnerability in Johtru Gymnoovp 1.2 The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7103 | Oskarshamnsliv Project | Cryptographic Issues vulnerability in Oskarshamnsliv Project Oskarshamnsliv 6 The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7102 | Quotezone | Cryptographic Issues vulnerability in Quotezone CAR Insurance Quote Comparison 2.3 The Car Insurance Quote Comparison (aka com.seopa.quotezone) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7101 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Talk Radio Europe 3.3.10 The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7099 | Magzter | Cryptographic Issues vulnerability in Magzter Woodcraft Magazine 3 The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7098 | Fylet | Cryptographic Issues vulnerability in Fylet Secure Large File Sender 2 The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7093 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Superbike Magazine @7F08017A The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7092 | Ubooly | Cryptographic Issues vulnerability in Ubooly 4.3.0 The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7091 | NBA | Cryptographic Issues vulnerability in NBA Sacramento Kings 6.0.8 The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7090 | Vcccd | Cryptographic Issues vulnerability in Vcccd Myvcccd 1.4.14 The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7089 | Appsgeyser | Cryptographic Issues vulnerability in Appsgeyser Competition Information 0.1 The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7088 | JDM Lifestyle Project | Cryptographic Issues vulnerability in JDM Lifestyle Project JDM Lifestyle 6.4 The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7087 | Appa Apps | Cryptographic Issues vulnerability in Appa-Apps TOP Roller Coasters Europe 1 @7F050001 The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7086 | Killer Screen Lock Project | Cryptographic Issues vulnerability in Killer Screen Lock Project Killer Screen Lock 0.5 The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7085 | Independent | Cryptographic Issues vulnerability in Independent I Newspaper @7F080184 The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7082 | Imapp | Cryptographic Issues vulnerability in Imapp NO Disturb 3.3 The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7078 | Payoneer Sign UP Project | Cryptographic Issues vulnerability in Payoneer Sign UP Project Payoneer Sign UP 0.1 The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7077 | Gcefcu | Cryptographic Issues vulnerability in Gcefcu Gulf Coast Educators FCU 1.0.27 The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7076 | Magzter | Cryptographic Issues vulnerability in Magzter Sanctuary Asia 3 The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7073 | Andrew Magdy Kamal S Network Project | Cryptographic Issues vulnerability in Andrew Magdy Kamal'S Network Project Andrew Magdy Kamal'S Network 0.1 The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7072 | Offertaviaggi | Cryptographic Issues vulnerability in Offertaviaggi Venezia MAP 0.1 The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7071 | Magzter | Cryptographic Issues vulnerability in Magzter Autocar India 3.03 The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7069 | Aventinobrand | Cryptographic Issues vulnerability in Aventinobrand Aventino Brand 2.2 The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7068 | Neumann | Cryptographic Issues vulnerability in Neumann Student Activities 216607 The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7067 | Appsgeyser | Cryptographic Issues vulnerability in Appsgeyser Btd5 Videos 0.1 The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7066 | Magzter | Cryptographic Issues vulnerability in Magzter Legalera 3 The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7065 | Ukbusinessaid | Cryptographic Issues vulnerability in Ukbusinessaid Nigerias Business Directory 0.70.13414.17619 The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7064 | Ben10 Omniverse Walkthrough Project | Cryptographic Issues vulnerability in Ben10 Omniverse Walkthrough Project Ben10 Omniverse Walkthrough 0.7 The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application 0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7063 | Bikersromagna | Cryptographic Issues vulnerability in Bikersromagna Bikers Romagna 1 The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7062 | Association MIN Ajlik Project | Cryptographic Issues vulnerability in Association MIN Ajlik Project Association MIN Ajlik 1 The Association Min Ajlik (aka com.association.min.ajlik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7061 | Modsimconnected | Cryptographic Issues vulnerability in Modsimconnected Modsim World 2014 2.0.0 The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7060 | Yourtango | Cryptographic Issues vulnerability in Yourtango Your Tango 1 The Your Tango (aka com.your.tango) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7059 | Thedevildoggamer Project | Cryptographic Issues vulnerability in Thedevildoggamer Project Thedevildoggamer 1 The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7058 | Efendimizin Sunnetleri Project | Cryptographic Issues vulnerability in Efendimizin Sunnetleri Project Efendimizin Sunnetleri 2.1 The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7057 | Magzter | Cryptographic Issues vulnerability in Magzter Hong Kong Tatler Society 3 The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7055 | Quickmobile | Cryptographic Issues vulnerability in Quickmobile Ncci'S Annual Issues Symposium 1 The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7054 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Musica DE Barrios Sonideros 3.3.10 The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-19 | CVE-2014-7053 | Citystar | Cryptographic Issues vulnerability in Citystar City Star ME 1 The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-18 | CVE-2014-4428 | Apple | Cryptographic Issues vulnerability in Apple mac OS X Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. | 5.4 |
2014-10-16 | CVE-2014-7050 | Givenu | Cryptographic Issues vulnerability in Givenu Give 1.5.3 The givenu give (aka com.givenu.give) application 1.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7049 | Somcloud | Cryptographic Issues vulnerability in Somcloud Somtodo - Task/To-Do Widget 2.0.3 The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7048 | Bearidlock | Cryptographic Issues vulnerability in Bearidlock Bear ID Lock 0.1 The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7045 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Bust OUT Bail 1.1 The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7044 | Street Walker Project | Cryptographic Issues vulnerability in Street Walker Project Street Walker 0.0.1 The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7043 | Cadpage | Cryptographic Issues vulnerability in Cadpage 1.7.44 The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7041 | Simbiotnetwork | Cryptographic Issues vulnerability in Simbiotnetwork Simgene 1.3 The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7040 | Unicreditgroup | Cryptographic Issues vulnerability in Unicreditgroup Unicredit Investors 1 The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7039 | Roguewaveproductionsllc | Cryptographic Issues vulnerability in Roguewaveproductionsllc Wild Women United 1 The Wild Women United (aka com.wildwomenunited) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7038 | AL Jazeera Project | Cryptographic Issues vulnerability in AL Jazeera Project AL Jazeera 6.0 The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7037 | Kuronecostudio | Cryptographic Issues vulnerability in Kuronecostudio Noble Sticker Free 1.0.7 The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7036 | Questfcu | Cryptographic Issues vulnerability in Questfcu Quest Federal CU Mobile 1.0.27 The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7035 | Harmonizers Planet Project | Cryptographic Issues vulnerability in Harmonizers Planet Project Harmonizers Planet 2.3.4 The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7034 | Senatorinn | Cryptographic Issues vulnerability in Senatorinn Senator INN & SPA 1.2.2.160 The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application 1.2.2.160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7033 | Curecos | Cryptographic Issues vulnerability in Curecos Cure Viewer 1.03 The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7032 | Myhabit | Cryptographic Issues vulnerability in Myhabit @7F080041 The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7031 | Redatoms | Cryptographic Issues vulnerability in Redatoms Three 2.5 The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7030 | Tejonstore | Cryptographic Issues vulnerability in Tejonstore Dieta Dukan Passo A Passo 1 The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7029 | Ticstyle | Cryptographic Issues vulnerability in Ticstyle Bultmonster Registret 1.1 The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7028 | Myapp | Cryptographic Issues vulnerability in Myapp Ibis PAU Centre 1 The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7027 | Pimpstore | Cryptographic Issues vulnerability in Pimpstore Esercizi PER LE Donne 1 The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7026 | Lifetimefitness | Cryptographic Issues vulnerability in Lifetimefitness Life Time Fitness 1.9 The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7025 | Whoisit | The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7024 | Pdlk | Cryptographic Issues vulnerability in Pdlk Hardest Game Collection 1.5.0 The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7023 | Find Color Project | Cryptographic Issues vulnerability in Find Color Project Find Color 1.1.1 The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7022 | Modelisme | Cryptographic Issues vulnerability in Modelisme Modelisme.Com Forum/Portail 3.6.9 The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7021 | LEG Surgery Kids Games Project | Cryptographic Issues vulnerability in LEG Surgery - Kids Games Project LEG Surgery - Kids Games 1.0.2 The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7020 | Diabetes | Cryptographic Issues vulnerability in Diabetes Forum 3.9.30 The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7019 | Blynk | Cryptographic Issues vulnerability in Blynk Clarks INN 3.3.0 The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7018 | Efunfun | Cryptographic Issues vulnerability in Efunfun Love Dance 1.2.0626 The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7017 | TIM BAN BON Phuong Project | Cryptographic Issues vulnerability in TIM BAN BON Phuong Project TIM BAN BON Phuong 2.2 The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7016 | Mahasna Batik Project | Cryptographic Issues vulnerability in Mahasna Batik Project Mahasna Batik 1 The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7015 | Jjmatch | Cryptographic Issues vulnerability in Jjmatch JJ Texas Hold'Em Poker 1.13.23.Hd The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7013 | Funny Photo Color Editor Project | Cryptographic Issues vulnerability in Funny Photo Color Editor Project Funny Photo Color Editor 0.0.4 The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7012 | Coffee INN | Cryptographic Issues vulnerability in Coffee-Inn Coffee INN 2.0.1 The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7011 | Nwtc | Cryptographic Issues vulnerability in Nwtc Mobile 1.4.17 The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7010 | Utsa | Cryptographic Issues vulnerability in Utsa Mobile 1.4.21 The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7009 | Hkbn | Cryptographic Issues vulnerability in Hkbn MY Account @7F070015 The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7008 | Frandroid | Cryptographic Issues vulnerability in Frandroid Forum Frandroid Beta 3.4.3 The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7007 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Master MIX 3.3.5 The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7006 | Apheliontechnologies | Cryptographic Issues vulnerability in Apheliontechnologies Hydfm 1.1.9 The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7005 | Foconet | Cryptographic Issues vulnerability in Foconet 1 The Foconet (aka suporte.com.foconet) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7004 | Peta | Cryptographic Issues vulnerability in Peta 1.1 The PETA (aka com.peta.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7003 | Goodwinproject | Cryptographic Issues vulnerability in Goodwinproject Goodwin 1.15 The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7002 | Goomeo | Cryptographic Issues vulnerability in Goomeo Sopexa Pavillon France 3.6.5 The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7001 | Ijianren | Cryptographic Issues vulnerability in Ijianren Jian REN 1.5.1 The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-7000 | Paulalexanderformayor | Cryptographic Issues vulnerability in Paulalexanderformayor Paul Alexander Campaign 4.5.8 The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6999 | Jogoeusei | Cryptographic Issues vulnerability in Jogoeusei Questoes OAB 1.2 The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6998 | Smartstudy | Cryptographic Issues vulnerability in Smartstudy Pinkfong TV 4 The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6997 | Itiw Webdev | Cryptographic Issues vulnerability in Itiw-Webdev Dino Village 1.6 The Dino Village (aka com.tappocket.dinovillage) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6996 | Cocodigi | Cryptographic Issues vulnerability in Cocodigi Martial Arts Battle Card 1.0.9 The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application 1.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6995 | Adidas | Cryptographic Issues vulnerability in Adidas Eyewear 1.2 The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6994 | Atecea | Cryptographic Issues vulnerability in Atecea 1.2 The Atecea (aka com.atecea) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6993 | Codeeta | Cryptographic Issues vulnerability in Codeeta Coupons 1.0.5 The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6992 | Timelessblack | Cryptographic Issues vulnerability in Timelessblack Timeless Black 2.10.6 The Timeless Black (aka com.apptive.android.apps.timeless) application 2.10.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6991 | Liveauctions | Cryptographic Issues vulnerability in Liveauctions Liveauctions.Tv 2.005 The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6990 | Albasit Artes Y Danza Project | Cryptographic Issues vulnerability in Albasit Artes Y Danza Project Albasit Artes Y Danza 1.2 The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6989 | Germanwings | Cryptographic Issues vulnerability in Germanwings 2.1.13 The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6988 | Lumberapps | Cryptographic Issues vulnerability in Lumberapps Quotes in Images 3.7.5 The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6987 | Mass Gaming TV Project | Cryptographic Issues vulnerability in Mass Gaming TV Project Mass Gaming TV 1 The Mass Gaming TV (aka net.massgamers) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6986 | Fotoschilenas | Cryptographic Issues vulnerability in Fotoschilenas Pregnancy Tips 1 The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6985 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Georgia Packing 3.9.16 The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6984 | Shots | Cryptographic Issues vulnerability in Shots 1.0.8 The Shots (aka com.shots.android) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6983 | NBE | Cryptographic Issues vulnerability in NBE 1.1 The NBE (aka com.nbe.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6982 | Arabic Troll Football Project | Cryptographic Issues vulnerability in Arabic Troll Football Project Arabic Troll Football 1.0.1 The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6981 | TBB | Cryptographic Issues vulnerability in TBB Taiwan Business Bank 2.04 The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6980 | Naver | Cryptographic Issues vulnerability in Naver Line Play 2.3.1.1 The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6979 | Miway | Cryptographic Issues vulnerability in Miway Insurance LTD 1.2 The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6978 | Grouperahal | Cryptographic Issues vulnerability in Grouperahal Karim Rahal Essoulami 1 The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6977 | Chattanoogastate | Cryptographic Issues vulnerability in Chattanoogastate Elearn 1.0.649.1194 The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application 1.0.649.1194 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6976 | Aeroexpress | Cryptographic Issues vulnerability in Aeroexpress 2.6.2 The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6975 | Twin LIN Project | Cryptographic Issues vulnerability in Twin LIN Project Twin LIN 5 The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6974 | Mifashow | Cryptographic Issues vulnerability in Mifashow Hairstyles 3.7 The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6973 | Akronchildrens | Cryptographic Issues vulnerability in Akronchildrens Care4Kids 1.03 The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6972 | Kazakhstan Radio Project | Cryptographic Issues vulnerability in Kazakhstan Radio Project Kazakhstan Radio 2.5 The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6971 | Easy Video Downloader Project | Cryptographic Issues vulnerability in Easy Video Downloader Project Easy Video Downloader 4.4.1 The Easy Video Downloader (aka com.simon.padillar.EasyVideo) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6970 | Graphicstylus | Cryptographic Issues vulnerability in Graphicstylus North American Ismaili Games 5.26.2 The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6969 | Blynk | Cryptographic Issues vulnerability in Blynk Deltin Suites 3.4.1 The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6968 | Mobileappsuite | Cryptographic Issues vulnerability in Mobileappsuite Grandma'S Grotto 1 The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6967 | Vivonet | Cryptographic Issues vulnerability in Vivonet Albion College 2.1.16 The Albion College (aka com.vivomobile.albioncollege) application 2.1.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6966 | Parentlink | Cryptographic Issues vulnerability in Parentlink West Bend School District 4.0.500 The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6965 | FAZ | Cryptographic Issues vulnerability in FAZ Faz.Net 1.0.1 The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6964 | Hyonga | Cryptographic Issues vulnerability in Hyonga Hanyang University Admissions 2.1.3 The Hanyang University Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6963 | Feiron | Cryptographic Issues vulnerability in Feiron 1.1 The feiron (aka es.sw.feironmobile.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6962 | Publicstuff | Cryptographic Issues vulnerability in Publicstuff ELK Grove Publicstuff 3.2 The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6961 | Sudaninet | Cryptographic Issues vulnerability in Sudaninet 2 The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6960 | Sourcelink | Cryptographic Issues vulnerability in Sourcelink Multitrac 1.04 The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6959 | Haowanlab | Cryptographic Issues vulnerability in Haowanlab Qincard 2 The QinCard (aka com.haowan.qincard) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6958 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Ismrm-Esmrmb 2014 6.0.8.5 The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6957 | Boopsie | Cryptographic Issues vulnerability in Boopsie Scottcolibmn 4.5.110 The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6956 | Misterpark | Cryptographic Issues vulnerability in Misterpark Hydrogen Water 1 The Hydrogen Water (aka com.appzone628) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6955 | Misterpark | Cryptographic Issues vulnerability in Misterpark LE Grand Bleu 1 The Le Grand Bleu (aka com.appzone468) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6954 | Deer Hunting Calls Guide Project | Cryptographic Issues vulnerability in Deer Hunting Calls + Guide Project Deer Hunting Calls + Guide 4.0.1 The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-6953 | Afterlifewitharchie | Cryptographic Issues vulnerability in Afterlifewitharchie Afterlife With Archie 2.4.1 The AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-16 | CVE-2014-4881 | Partytrack Library Project | Cryptographic Issues vulnerability in Partytrack Library Project Partytrack Library The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6952 | Manga Facts Project | Cryptographic Issues vulnerability in Manga Facts Project Manga Facts 1 The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6951 | Onefile | Cryptographic Issues vulnerability in Onefile Ignite 1.19 The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6950 | Civitasmedia | Cryptographic Issues vulnerability in Civitasmedia MT. Airy News 1.0069.B0069 The Mt. | 5.4 |
2014-10-15 | CVE-2014-6949 | Fotoschilenas | Cryptographic Issues vulnerability in Fotoschilenas Akne Ernahrung 1 The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6948 | Th3Professional | Cryptographic Issues vulnerability in Th3Professional TH3 Professional AL Mohtarif 1 The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6947 | Iversemedia | Cryptographic Issues vulnerability in Iversemedia Archie Comics 1.07 The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6946 | Misterpark | Cryptographic Issues vulnerability in Misterpark Re:Kyu 1 The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6945 | Dakshaa | Cryptographic Issues vulnerability in Dakshaa Neeku Naaku Dash 1 The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6944 | Mitfahrgelegenheit | Cryptographic Issues vulnerability in Mitfahrgelegenheit Mitfahrgelegenheit.At 2.3.0 The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6943 | Koenigsleiten77 | Cryptographic Issues vulnerability in Koenigsleiten77 Konigsleiten 1 The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-15 | CVE-2014-6942 | Automon | Cryptographic Issues vulnerability in Automon Alisha Marie 1.4.0.6 The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-17 | CVE-2014-2278 | Seeddms | Improper Input Validation vulnerability in Seeddms Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter. | 5.1 |
2014-10-19 | CVE-2014-7191 | Nodejs | Resource Management Errors vulnerability in Nodejs Node.Js The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. | 5.0 |
2014-10-19 | CVE-2014-5425 | Ioserver | Resource Management Errors vulnerability in Ioserver 1.0.18.0/1.0.19.0 IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header. | 5.0 |
2014-10-19 | CVE-2014-3381 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. | 5.0 |
2014-10-19 | CVE-2014-3021 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. | 5.0 |
2014-10-18 | CVE-2014-4417 | Apple | Improper Input Validation vulnerability in Apple mac OS X Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. | 5.0 |
2014-10-17 | CVE-2014-2064 | Jenkins | Information Exposure vulnerability in Jenkins The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | 5.0 |
2014-10-17 | CVE-2014-2061 | Jenkins | Cryptographic Issues vulnerability in Jenkins The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | 5.0 |
2014-10-17 | CVE-2014-2060 | Jenkins | Unspecified vulnerability in Jenkins The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | 5.0 |
2014-10-16 | CVE-2014-8316 | SAP | Unspecified vulnerability in SAP Businessobjects Explorer 14.0.5 XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. | 5.0 |
2014-10-16 | CVE-2014-8315 | SAP | Information Exposure vulnerability in SAP Businessobjects Explorer 14.0.5 polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | 5.0 |
2014-10-16 | CVE-2014-8309 | SAP | Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | 5.0 |
2014-10-16 | CVE-2014-3679 | Jenkins CI | Information Disclosure vulnerability in Monitoring Plugin The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages. | 5.0 |
2014-10-15 | CVE-2014-6519 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. | 5.0 |
2014-10-15 | CVE-2014-6517 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. | 5.0 |
2014-10-15 | CVE-2014-6515 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. | 5.0 |
2014-10-15 | CVE-2014-6511 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 5.0 |
2014-10-15 | CVE-2014-6504 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. | 5.0 |
2014-10-15 | CVE-2014-6498 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | 5.0 |
2014-10-15 | CVE-2014-6490 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. | 5.0 |
2014-10-15 | CVE-2014-6476 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. | 5.0 |
2014-10-15 | CVE-2014-6472 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539. | 5.0 |
2014-10-15 | CVE-2014-6459 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-2476. | 5.0 |
2014-10-15 | CVE-2014-4277 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283. | 5.0 |
2014-10-15 | CVE-2014-2476 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-6459. | 5.0 |
2014-10-15 | CVE-2014-2475 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv). | 5.0 |
2014-10-15 | CVE-2014-2474 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2476, and CVE-2014-6459. | 5.0 |
2014-10-15 | CVE-2014-2473 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl). | 5.0 |
2014-10-15 | CVE-2014-2472 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2474, CVE-2014-2476, and CVE-2014-6459. | 5.0 |
2014-10-15 | CVE-2014-1830 | Opensuse Python | Information Exposure vulnerability in multiple products Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | 5.0 |
2014-10-15 | CVE-2014-1829 | Debian Python Canonical Mageia | Information Exposure vulnerability in multiple products Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | 5.0 |
2014-10-15 | CVE-2014-1580 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. | 5.0 |
2014-10-13 | CVE-2014-3091 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 5.0 |
2014-10-13 | CVE-2014-1572 | Fedoraproject Mozilla | Permissions, Privileges, and Access Controls vulnerability in multiple products The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. | 5.0 |
2014-10-18 | CVE-2014-4434 | Apple | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. | 4.9 |
2014-10-15 | CVE-2014-6557 | Oracle | Remote Security vulnerability in Oracle Application Performance Management Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management. | 4.9 |
2014-10-15 | CVE-2014-6497 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
2014-10-15 | CVE-2014-6461 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.2 Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Roles & Privileges. | 4.9 |
2014-10-15 | CVE-2014-6460 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY. | 4.9 |
2014-10-15 | CVE-2014-4275 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. | 4.9 |
2014-10-13 | CVE-2014-7975 | Linux Canonical | The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. | 4.9 |
2014-10-13 | CVE-2014-7970 | Novell Linux Canonical | Resource Exhaustion vulnerability in multiple products The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . | 4.9 |
2014-10-18 | CVE-2014-4442 | Apple | Improper Input Validation vulnerability in Apple mac OS X The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket. | 4.7 |
2014-10-18 | CVE-2014-4432 | Apple | Cryptographic Issues vulnerability in Apple mac OS X fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | 4.7 |
2014-10-18 | CVE-2014-4430 | Apple | Cryptographic Issues vulnerability in Apple mac OS X CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. | 4.7 |
2014-10-13 | CVE-2014-8086 | Linux Suse | Race Condition vulnerability in multiple products Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. | 4.7 |
2014-10-18 | CVE-2014-4425 | Apple | Improper Authentication vulnerability in Apple mac OS X CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | 4.6 |
2014-10-15 | CVE-2014-4280 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284. | 4.6 |
2014-10-15 | CVE-2014-0572 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors. | 4.6 |
2014-10-18 | CVE-2014-4444 | Apple | Improper Authentication vulnerability in Apple mac OS X SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | 4.4 |
2014-10-18 | CVE-2014-4435 | Apple | Improper Authentication vulnerability in Apple mac OS X The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | 4.4 |
2014-10-15 | CVE-2014-4284 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280. | 4.4 |
2014-10-19 | CVE-2014-6116 | IBM | Improper Authentication vulnerability in IBM Websphere MQ 8.0.0.1 The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | 4.3 |
2014-10-19 | CVE-2014-5331 | Aptana | Cross-Site Scripting vulnerability in Aptana Aflax 1.0 Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-19 | CVE-2014-5330 | Birdblog | Cross-Site Scripting vulnerability in Birdblog Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-19 | CVE-2014-4830 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
2014-10-19 | CVE-2014-4828 | IBM | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | 4.3 |
2014-10-19 | CVE-2014-4827 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-10-19 | CVE-2014-4825 | IBM | Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. | 4.3 |
2014-10-19 | CVE-2014-2647 | HP | Cross-Site Scripting vulnerability in HP Operations Agent Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-18 | CVE-2014-4439 | Apple | Information Exposure vulnerability in Apple mac OS X Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | 4.3 |
2014-10-18 | CVE-2014-4436 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X IOHIDFamily in Apple OS X before 10.10 allows attackers to cause a denial of service (out-of-bounds read operation) via a crafted application. | 4.3 |
2014-10-18 | CVE-2014-4426 | Apple | Information Exposure vulnerability in Apple mac OS X AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | 4.3 |
2014-10-17 | CVE-2014-2065 | Jenkins | Cross-Site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | 4.3 |
2014-10-16 | CVE-2014-8314 | SAP | Cross-Site Scripting vulnerability in SAP Hana Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent. | 4.3 |
2014-10-16 | CVE-2014-8308 | SAP | Cross-Site Scripting vulnerability in SAP Businessobjects 4.0 Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-16 | CVE-2014-8307 | C97 | Cross-Site Scripting vulnerability in C97 Cart Engine 3.0 Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php. | 4.3 |
2014-10-16 | CVE-2014-8304 | IN Portal | Cross-Site Scripting vulnerability in In-Portal 4.3.1/5.0 Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php. | 4.3 |
2014-10-16 | CVE-2014-8303 | Splunk | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. | 4.3 |
2014-10-16 | CVE-2014-8301 | Splunk | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header. | 4.3 |
2014-10-16 | CVE-2014-7181 | Maxfoundry | Cross-Site Scripting vulnerability in Maxfoundry Maxbuttons 1.26.0 Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. | 4.3 |
2014-10-16 | CVE-2014-7138 | Google Calendar Events Project | Cross-Site Scripting vulnerability in Google Calendar Events Project Google Calendar Events 2.0.3.1 Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php. | 4.3 |
2014-10-16 | CVE-2014-8296 | Drupal | Cross-Site Scripting vulnerability in Drupal Modal Frame Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-15 | CVE-2014-6561 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Separate Remittance Advice. | 4.3 |
2014-10-15 | CVE-2014-6559 | Juniper Mariadb Oracle Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. | 4.3 |
2014-10-15 | CVE-2014-6552 | Oracle | Remote Security vulnerability in Oracle Access Manager Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console. | 4.3 |
2014-10-15 | CVE-2014-6550 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Applications Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp. | 4.3 |
2014-10-15 | CVE-2014-6539 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472. | 4.3 |
2014-10-15 | CVE-2014-6531 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 4.3 |
2014-10-15 | CVE-2014-6522 | Oracle | Remote Security vulnerability in Oracle JDeveloper Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces. | 4.3 |
2014-10-15 | CVE-2014-6516 | Oracle | Local Security vulnerability in Oracle JD Edwards products 8.98 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC. | 4.3 |
2014-10-15 | CVE-2014-6512 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. | 4.3 |
2014-10-15 | CVE-2014-6507 | Mariadb Oracle Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | 4.3 |
2014-10-15 | CVE-2014-6496 | Juniper Oracle Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494. | 4.3 |
2014-10-15 | CVE-2014-6495 | Oracle Juniper Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. | 4.3 |
2014-10-15 | CVE-2014-6494 | Oracle Mariadb Juniper Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496. | 4.3 |
2014-10-15 | CVE-2014-6478 | Juniper Oracle Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. | 4.3 |
2014-10-15 | CVE-2014-6471 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OAM Diagnostics. | 4.3 |
2014-10-15 | CVE-2014-6462 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.1.0/11.1.2.2.0 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console. | 4.3 |
2014-10-15 | CVE-2014-4285 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration. | 4.3 |
2014-10-15 | CVE-2014-4283 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277. | 4.3 |
2014-10-15 | CVE-2014-4281 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Portal Integration. | 4.3 |
2014-10-15 | CVE-2014-8293 | PHP Resource | Cross-Site Scripting vulnerability in PHP Resource Voice of web Allmyguests 0.4.1 Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php. | 4.3 |
2014-10-15 | CVE-2014-6312 | Login Widget With Shortcode Project | Cross-Site Scripting vulnerability in Login Widget With Shortcode Project Login Widget With Shortcode Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php. | 4.3 |
2014-10-15 | CVE-2014-4140 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 4.3 |
2014-10-15 | CVE-2014-4122 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 2.0/3.5/3.5.1 Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." | 4.3 |
2014-10-15 | CVE-2014-4075 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Asp.Net Model View Controller Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability." | 4.3 |
2014-10-15 | CVE-2014-1584 | Mozilla | Cryptographic Issues vulnerability in Mozilla Firefox The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user. | 4.3 |
2014-10-15 | CVE-2014-1582 | Mozilla | Cryptographic Issues vulnerability in Mozilla Firefox The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority. | 4.3 |
2014-10-15 | CVE-2014-0571 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-14 | CVE-2014-8765 | Drupal | Cross-Site Scripting vulnerability in Drupal Project Issue File Review Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page. | 4.3 |
2014-10-14 | CVE-2014-8069 | Yootheme | Cross-Site Scripting vulnerability in Yootheme Pagekit 0.8.7 Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php. | 4.3 |
2014-10-14 | CVE-2014-6313 | Woothemes | Cross-Site Scripting vulnerability in Woothemes Woocommerce Plugin Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php. | 4.3 |
2014-10-13 | CVE-2014-8747 | Drupal | Cross-Site Scripting vulnerability in Drupal Commons Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages. | 4.3 |
2014-10-13 | CVE-2014-1573 | Fedoraproject Mozilla | Cross-Site Scripting vulnerability in multiple products Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name. | 4.3 |
2014-10-15 | CVE-2014-4274 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM. | 4.1 |
2014-10-17 | CVE-2014-7960 | Openstack | Resource Management Errors vulnerability in Openstack Swift OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. | 4.0 |
2014-10-17 | CVE-2013-7330 | Jenkins | Permissions, Privileges, and Access Controls vulnerability in Jenkins Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | 4.0 |
2014-10-15 | CVE-2014-6564 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML. | 4.0 |
2014-10-15 | CVE-2014-6563 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538. | 4.0 |
2014-10-15 | CVE-2014-6547 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-6542 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454. | 4.0 |
2014-10-15 | CVE-2014-6538 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563. | 4.0 |
2014-10-15 | CVE-2014-6534 | Oracle | Remote Security vulnerability in Oracle WebLogic Server Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect integrity via vectors related to WLS Console. | 4.0 |
2014-10-15 | CVE-2014-6523 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface. | 4.0 |
2014-10-15 | CVE-2014-6520 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. | 4.0 |
2014-10-15 | CVE-2014-6505 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE. | 4.0 |
2014-10-15 | CVE-2014-6486 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Talent Acquisition Manager - Security. | 4.0 |
2014-10-15 | CVE-2014-6484 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. | 4.0 |
2014-10-15 | CVE-2014-6482 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant. | 4.0 |
2014-10-15 | CVE-2014-6479 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration. | 4.0 |
2014-10-15 | CVE-2014-6464 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS. | 4.0 |
2014-10-15 | CVE-2014-6457 | Oracle | Unspecified vulnerability in Oracle JDK, JRE and JRockit Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. | 4.0 |
2014-10-15 | CVE-2014-6454 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542. | 4.0 |
2014-10-15 | CVE-2014-6452 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542. | 4.0 |
2014-10-15 | CVE-2014-4310 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4300 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | 4.0 |
2014-10-15 | CVE-2014-4299 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | 4.0 |
2014-10-15 | CVE-2014-4298 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | 4.0 |
2014-10-15 | CVE-2014-4297 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4296 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4295 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563. | 4.0 |
2014-10-15 | CVE-2014-4294 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563. | 4.0 |
2014-10-15 | CVE-2014-4293 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4292 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4291 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4290 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | 4.0 |
2014-10-15 | CVE-2014-4287 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. | 4.0 |
2014-10-13 | CVE-2014-1571 | Mozilla Fedoraproject | Information Exposure vulnerability in multiple products Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. | 4.0 |
42 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-15 | CVE-2014-6544 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289. | 3.6 |
2014-10-15 | CVE-2014-6543 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3 Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM). | 3.6 |
2014-10-15 | CVE-2014-4289 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-6544. | 3.6 |
2014-10-15 | CVE-2014-7206 | Debian | Link Following vulnerability in Debian Advanced Package Tool and APT The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | 3.6 |
2014-10-19 | CVE-2014-6100 | IBM | Cross-Site Scripting vulnerability in IBM Security Directory Server and Tivoli Directory Server Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-19 | CVE-2014-5420 | Carefusion | Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1 CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors. | 3.5 |
2014-10-19 | CVE-2014-4838 | IBM | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-19 | CVE-2014-4837 | IBM | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-19 | CVE-2014-4836 | IBM | Cross-Site Scripting vulnerability in IBM Tririga Application Platform Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-10-17 | CVE-2014-2995 | Twitget Project | Cross-Site Scripting vulnerability in Twitget Project Twitget Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php. | 3.5 |
2014-10-17 | CVE-2014-2068 | Jenkins | Permissions, Privileges, and Access Controls vulnerability in Jenkins The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | 3.5 |
2014-10-17 | CVE-2014-8320 | Custom Search Project | Cross-Site Scripting vulnerability in Custom Search Project Custom Search Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page. | 3.5 |
2014-10-17 | CVE-2014-8319 | Easy Social Project | Cross-Site Scripting vulnerability in Easy Social Project Easy Social Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title. | 3.5 |
2014-10-17 | CVE-2014-8318 | Webform Project | Cross-Site Scripting vulnerability in Webform Project Webform Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key. | 3.5 |
2014-10-17 | CVE-2014-8317 | Webform Validation Project | Cross-Site Scripting vulnerability in Webform Validation Project Webform Validation Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text. | 3.5 |
2014-10-16 | CVE-2014-8311 | SAP | Information Disclosure vulnerability in SAP Businessobjects 4.0 SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | 3.5 |
2014-10-16 | CVE-2014-8302 | Splunk | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard. | 3.5 |
2014-10-15 | CVE-2014-6536 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3 Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security. | 3.5 |
2014-10-15 | CVE-2014-6487 | Oracle | Remote Security vulnerability in Oracle Identity Manager Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service. | 3.5 |
2014-10-15 | CVE-2014-6475 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 3.5 |
2014-10-15 | CVE-2014-6474 | Oracle Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. | 3.5 |
2014-10-13 | CVE-2014-8748 | Drupal | Cross-Site Scripting vulnerability in Drupal Doubleclick for Publishers 7.X1.0/7.X1.1 Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | 3.5 |
2014-10-13 | CVE-2014-8746 | Drupal | Cross-Site Scripting vulnerability in Drupal Skeleton Theme 7.X1.2/7.X1.3 Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. | 3.5 |
2014-10-13 | CVE-2014-8745 | Drupal | Cross-Site Scripting vulnerability in Drupal Custom Search Module Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. | 3.5 |
2014-10-13 | CVE-2014-8744 | Drupal | Cross-Site Scripting vulnerability in Drupal Nivo Slider Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. | 3.5 |
2014-10-13 | CVE-2014-8743 | Drupal | Cross-Site Scripting vulnerability in Drupal Maestro Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. | 3.5 |
2014-10-15 | CVE-2014-3566 | Redhat IBM Apple Mageia Novell Opensuse Fedoraproject Openssl Netbsd Debian Oracle | Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | 3.4 |
2014-10-15 | CVE-2014-6463 | Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML. | 3.3 |
2014-10-18 | CVE-2014-4440 | Apple | Information Exposure vulnerability in Apple mac OS X The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | 2.6 |
2014-10-15 | CVE-2014-6558 | Oracle | Unspecified vulnerability in Oracle JDK, JRE and JRockit Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. | 2.6 |
2014-10-15 | CVE-2014-6527 | Oracle | Unspecified vulnerability in Oracle JRE 1.7.0/1.8.0 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. | 2.6 |
2014-10-15 | CVE-2014-6502 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. | 2.6 |
2014-10-15 | CVE-2014-2478 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | 2.6 |
2014-10-18 | CVE-2014-4446 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple OS X Server Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | 2.1 |
2014-10-18 | CVE-2014-4431 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | 2.1 |
2014-10-15 | CVE-2014-6551 | Oracle Mariadb Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. | 2.1 |
2014-10-15 | CVE-2014-6501 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. | 2.1 |
2014-10-15 | CVE-2014-6488 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4; EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management. | 2.1 |
2014-10-19 | CVE-2014-5423 | Carefusion | Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1 CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file. | 1.9 |
2014-10-19 | CVE-2014-4822 | IBM | Credentials Management vulnerability in IBM Websphere MQ and Websphere MQ Explorer IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation. | 1.9 |
2014-10-18 | CVE-2014-4447 | Apple | Cryptographic Issues vulnerability in Apple OS X Server Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | 1.9 |
2014-10-15 | CVE-2014-6540 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests. | 1.9 |