Weekly Vulnerabilities Reports > October 13 to 19, 2014

Overview

641 new vulnerabilities were reported during this period, including 34 critical vulnerabilities and 43 high severity vulnerabilities. This weekly summary reports vulnerabilities in 494 products from 326 vendors including Oracle, Magzter, Apple, Microsoft, and Jenkins. Vulnerabilities are notably categorized as "Cryptographic Issues", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 286 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 57 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 546 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-15 CVE-2014-6513 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

10.0
2014-10-15 CVE-2014-4121 Microsoft Resource Management Errors vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."

10.0
2014-10-15 CVE-2014-4073 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

10.0
2014-10-15 CVE-2014-0569 Adobe, Linux, Apple, Microsoft Integer Overflow vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2014-10-15 CVE-2014-0564 Adobe, Linux, Apple, Microsoft Memory Corruption vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.

10.0
2014-10-15 CVE-2014-0558 Adobe, Apple, Microsoft, Linux Code Injection vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564.

10.0
2014-10-13 CVE-2014-7297 Kriesi Remote Security vulnerability in Enfold

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.

10.0
2014-10-19 CVE-2014-5422 Carefusion Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.

9.7
2014-10-15 CVE-2014-6562 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3
2014-10-15 CVE-2014-6532 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.

9.3
2014-10-15 CVE-2014-6503 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.

9.3
2014-10-15 CVE-2014-6485 Oracle Unspecified vulnerability in Oracle JRE 1.8.0

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

9.3
2014-10-15 CVE-2014-6456 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

9.3
2014-10-15 CVE-2014-2927 F5 Improper Authentication vulnerability in F5 products

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

9.3
2014-10-15 CVE-2014-4148 Microsoft Code Injection vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."

9.3
2014-10-15 CVE-2014-4141 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4138 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.

9.3
2014-10-15 CVE-2014-4137 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4133.

9.3
2014-10-15 CVE-2014-4134 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4133 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4137.

9.3
2014-10-15 CVE-2014-4132 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4138.

9.3
2014-10-15 CVE-2014-4130 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138.

9.3
2014-10-15 CVE-2014-4129 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4128 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4127 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4126 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-10-15 CVE-2014-4117 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

9.3
2014-10-15 CVE-2014-4114 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

9.3
2014-10-15 CVE-2014-6560 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.

9.0
2014-10-15 CVE-2014-6546 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0
2014-10-15 CVE-2014-6545 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.

9.0
2014-10-15 CVE-2014-6467 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.

9.0
2014-10-15 CVE-2014-6455 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0
2014-10-15 CVE-2014-6453 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.

9.0

43 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-19 CVE-2014-3397 Cisco Resource Management Errors vulnerability in Cisco Telepresence MCU Software

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.

7.8
2014-10-19 CVE-2014-3368 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.

7.8
2014-10-18 CVE-2014-4443 Apple Improper Input Validation vulnerability in Apple mac OS X

Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.

7.8
2014-10-15 CVE-2014-6508 SUN Remote Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).

7.8
2014-10-14 CVE-2014-6380 Juniper Denial of Service vulnerability in Juniper Junos

Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver block and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets.

7.8
2014-10-14 CVE-2014-6378 Juniper Resource Management Errors vulnerability in Juniper Junos

Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message.

7.8
2014-10-14 CVE-2014-6377 Juniper Resource Management Errors vulnerability in Juniper Junos E

Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8.

7.8
2014-10-14 CVE-2014-3818 Juniper Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Junos

Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.

7.8
2014-10-15 CVE-2014-6493 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.

7.6
2014-10-15 CVE-2014-6492 Oracle, Mozilla

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.6
2014-10-15 CVE-2014-4288 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.

7.6
2014-10-19 CVE-2014-4840 IBM Improper Input Validation vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.

7.5
2014-10-18 CVE-2014-4427 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

7.5
2014-10-17 CVE-2014-2063 Jenkins Unspecified vulnerability in Jenkins

Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

7.5
2014-10-16 CVE-2014-8306 C97 SQL Injection vulnerability in C97 Cart Engine 3.0

SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.

7.5
2014-10-16 CVE-2014-8240 Tigervnc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tigervnc

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.

7.5
2014-10-16 CVE-2014-3666 Redhat, Jenkins Code Injection vulnerability in multiple products

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

7.5
2014-10-16 CVE-2014-3704 Drupal SQL Injection vulnerability in Drupal Core

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

7.5
2014-10-15 CVE-2014-6500 Oracle, Juniper, Mariadb Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.

7.5
2014-10-15 CVE-2014-6491 Oracle, Juniper, Mariadb Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.

7.5
2014-10-15 CVE-2014-4278 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms.

7.5
2014-10-15 CVE-2014-4276 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).

7.5
2014-10-15 CVE-2014-8295 Bacula SQL Injection vulnerability in Bacula Bacula-Web 5.2.10

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.

7.5
2014-10-15 CVE-2014-8294 PHP Resource SQL Injection vulnerability in PHP Resource Voice of web Allmyguests 0.4.1

Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.

7.5
2014-10-15 CVE-2014-1581 Mozilla Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

7.5
2014-10-15 CVE-2014-1578 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

7.5
2014-10-15 CVE-2014-1576 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.

7.5
2014-10-15 CVE-2014-1575 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.

7.5
2014-10-15 CVE-2014-1574 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2014-10-14 CVE-2014-8766 Allomani SQL Injection vulnerability in Allomani Weblinks 1.0

Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.

7.5
2014-10-14 CVE-2014-6379 Juniper Improper Authentication vulnerability in Juniper Junos

Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.

7.5
2014-10-18 CVE-2014-4433 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.

7.2
2014-10-15 CVE-2014-6473 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.

7.2
2014-10-15 CVE-2014-4282 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

7.2
2014-10-15 CVE-2014-4115 Microsoft Resource Management Errors vulnerability in Microsoft products

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability."

7.2
2014-10-15 CVE-2014-4113 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

7.2
2014-10-19 CVE-2014-3567 Openssl Improper Input Validation vulnerability in Openssl

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

7.1
2014-10-19 CVE-2014-3513 Openssl Improper Input Validation vulnerability in Openssl

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

7.1
2014-10-19 CVE-2014-3406 Cisco Race Condition vulnerability in Cisco Intrusion Prevention System

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.

7.1
2014-10-19 CVE-2014-3370 Cisco Resource Management Errors vulnerability in Cisco products

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447.

7.1
2014-10-19 CVE-2014-3369 Cisco Resource Management Errors vulnerability in Cisco products

The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252.

7.1
2014-10-16 CVE-2014-8310 SAP Improper Input Validation vulnerability in SAP Businessobjects 4.0

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.

7.1
2014-10-15 CVE-2014-2022 Vbulletin SQL Injection vulnerability in Vbulletin

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.

7.1

522 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-18 CVE-2014-4438 Apple Race Condition vulnerability in Apple mac OS X

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.

6.9
2014-10-15 CVE-2014-6466 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

6.9
2014-10-15 CVE-2014-6458 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

6.9
2014-10-19 CVE-2014-7874 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Hp-Ux and System Management Homepage

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-10-19 CVE-2014-5421 Carefusion Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access.

6.8
2014-10-19 CVE-2014-3408 Cisco Cross-Site Scripting vulnerability in Cisco Prime Optical 10.0

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.

6.8
2014-10-19 CVE-2014-2358 FOX IT Cross-Site Request Forgery (CSRF) vulnerability in Fox-It FOX Datadiode 1.7.1

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions.

6.8
2014-10-18 CVE-2014-4441 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.

6.8
2014-10-18 CVE-2014-4437 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.

6.8
2014-10-18 CVE-2014-4391 Apple Cryptographic Issues vulnerability in Apple mac OS X

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.

6.8
2014-10-18 CVE-2014-4351 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.

6.8
2014-10-17 CVE-2014-2559 Twitget Project Cross-Site Request Forgery (CSRF) vulnerability in Twitget Project Twitget 3.3.1

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.

6.8
2014-10-17 CVE-2014-8756 Panasonic Improper Input Validation vulnerability in Panasonic Network Camera Recorder 4.04R02

The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.

6.8
2014-10-17 CVE-2014-8755 Panasonic Improper Input Validation vulnerability in Panasonic Network Camera View 3.0/4.0

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."

6.8
2014-10-17 CVE-2014-8074 Foxitsoftware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxitsoftware Foxit PDF SDK Activex

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.

6.8
2014-10-17 CVE-2014-2066 Jenkins Improper Authentication vulnerability in Jenkins

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.

6.8
2014-10-16 CVE-2014-7237 Twiki / Microsoft Permissions, Privileges, and Access Controls vulnerability in multiple products

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

6.8
2014-10-16 CVE-2014-3686 W1 FI / Canonical / Debian Improper Input Validation vulnerability in multiple products

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

6.8
2014-10-15 CVE-2014-6533 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite 6.1.0/6.2.0

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.

6.8
2014-10-15 CVE-2014-6529 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.

6.8
2014-10-15 CVE-2014-6506 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

6.8
2014-10-15 CVE-2014-6499 Oracle Remote Security vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector.

6.8
2014-10-15 CVE-2014-6470 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.

6.8
2014-10-15 CVE-2014-6469 Mariadb / Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

6.8
2014-10-15 CVE-2014-6468 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

6.8
2014-10-15 CVE-2014-2576 Claws Mail / Opensuse Cryptographic Issues vulnerability in multiple products

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

6.8
2014-10-15 CVE-2014-4124 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.

6.8
2014-10-15 CVE-2014-4123 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.

6.8
2014-10-15 CVE-2014-0570 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Coldfusion

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-10-14 CVE-2014-8070 Yootheme Unspecified vulnerability in Yootheme Pagekit 0.8.7

Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout.

6.8
2014-10-14 CVE-2014-3825 Juniper Improper Input Validation vulnerability in Juniper products

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.

6.8
2014-10-19 CVE-2014-4833 IBM Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input.

6.5
2014-10-18 CVE-2014-3573 Redhat Improper Input Validation vulnerability in Redhat Enterprise Virtualization Manager

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

6.5
2014-10-17 CVE-2014-6283 Sybase Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.

6.5
2014-10-17 CVE-2014-2062 Jenkins Improper Authentication vulnerability in Jenkins

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

6.5
2014-10-17 CVE-2014-2058 Jenkins Permissions, Privileges, and Access Controls vulnerability in Jenkins

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job.

6.5
2014-10-15 CVE-2014-6555 Mariadb / Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

6.5
2014-10-15 CVE-2014-6537 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2014-10-15 CVE-2014-6530 Oracle Remote Security vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.

6.5
2014-10-15 CVE-2014-8750 Openstack Race Condition vulnerability in Openstack Nova

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

6.5
2014-10-17 CVE-2014-2279 Seeddms Path Traversal vulnerability in Seeddms

Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a ..

6.4
2014-10-16 CVE-2014-8305 C97 Remote Security vulnerability in C97 Cart Engine 3.0

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.

6.4
2014-10-15 CVE-2014-6553 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.7.0

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console.

6.4
2014-10-15 CVE-2014-1577 Mozilla Out of Bounds Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.

6.4
2014-10-13 CVE-2014-7284 Linux Information Exposure vulnerability in Linux Kernel

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.

6.4
2014-10-15 CVE-2014-6465 Oracle Remote Security vulnerability in Oracle Communications Applications Scx640M5

Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.

6.3
2014-10-16 CVE-2014-8313 SAP Code Injection vulnerability in SAP Hana

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.

6.0
2014-10-16 CVE-2014-3663 Jenkins / Redhat Permissions, Privileges, and Access Controls vulnerability in Jenkins

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.

6.0
2014-10-15 CVE-2014-6483 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2014-10-15 CVE-2014-3593 Scientificlinux Code Injection vulnerability in Scientificlinux Luci 0.26.0

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.

6.0
2014-10-15 CVE-2014-6535 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY.

5.8
2014-10-15 CVE-2014-6554 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.1.0/11.1.2.2.0

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console.

5.5
2014-10-15 CVE-2014-6489 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.

5.5
2014-10-19 CVE-2014-7483 Desire2Learn Fusion 2014 Project Cryptographic Issues vulnerability in Desire2Learn Fusion 2014 Project Desire2Learn Fusion 2014 4.0.729.1748

The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7481 Etghosting Cryptographic Issues vulnerability in Etghosting ETG Hosting 2

The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7478 Nashaplaneta Cryptographic Issues vulnerability in Nashaplaneta Nashaplaneta.Su 1.02

The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7476 Androidebookapp Cryptographic Issues vulnerability in Androidebookapp Healthy Lunch Diet Recipes 3.6.1

The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7475 Drifty Cryptographic Issues vulnerability in Drifty Ionic View 0.0.2

The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7472 Mascov Cryptographic Issues vulnerability in Mascov Csapp - Colegio SAN Agustin 1

The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7471 International Arbitration Attorney Cryptographic Issues vulnerability in International-Arbitration-Attorney International-Arbitration-Attorney.Com 0.1

The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7470 Jogoeusei Cryptographic Issues vulnerability in Jogoeusei I Know the Movie 1.1

The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7469 Best Beginning Project Cryptographic Issues vulnerability in Best Beginning Project Best Beginning 2.0

The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7468 AG Klettern Odenwald Cryptographic Issues vulnerability in Ag-Klettern-Odenwald AG Klettern Odenwald 1.2

The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7467 Magzter Cryptographic Issues vulnerability in Magzter Honeybee MAG 3

The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7466 Live TV Browser Project Cryptographic Issues vulnerability in Live TV Browser Project Live TV Browser 2

The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7465 Pocketmags Cryptographic Issues vulnerability in Pocketmags PC Advisor @7F08017A

The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7464 Magicstamp Cryptographic Issues vulnerability in Magicstamp Magic Stamp 2.8

The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7463 IM5 Fans Planet Project Cryptographic Issues vulnerability in IM5 Fans Planet Project IM5 Fans Planet 2.3.1

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7462 Teamlava Cryptographic Issues vulnerability in Teamlava Fashion Story: Neon 90'S 1.5.6.5

The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7461 Teknopoint Cryptographic Issues vulnerability in Teknopoint A King Sperm BY DR. Seema RAO 0.63.13384.23020

The A King Sperm by Dr.

5.4
2014-10-19 CVE-2014-7460 Superluckycasino Cryptographic Issues vulnerability in Superluckycasino Slots Heaven:Free Slot Machine 1.123

The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7459 Civitasmedia Cryptographic Issues vulnerability in Civitasmedia Press-Leader 1.0011.B0011

The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7458 Bloomyou Cryptographic Issues vulnerability in Bloomyou Valentine 2.4

The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7457 Magzter Cryptographic Issues vulnerability in Magzter Electronics for YOU 3.02

The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7456 Magzter Cryptographic Issues vulnerability in Magzter Digit Magazine 3.01

The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7455 Automon Cryptographic Issues vulnerability in Automon Zoella Unofficial 1.4.0.5

The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7454 Mbtcreations Cryptographic Issues vulnerability in Mbtcreations Detox Juicing Diet Recipes 1.1

The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7452 Shaklee Product Catalog Project Cryptographic Issues vulnerability in Shaklee Product Catalog Project Shaklee Product Catalog 2

The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7450 Allnurses Cryptographic Issues vulnerability in Allnurses 3.4.10

The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7449 Ngemc Cryptographic Issues vulnerability in Ngemc MY Ngemc Account 1.153.0034

The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7448 Magzter Cryptographic Issues vulnerability in Magzter Dealside Institutional 3.1

The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7447 Dattch Cryptographic Issues vulnerability in Dattch - the Lesbian APP 0.3

The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7446 Bilingual Magic Ball Project Cryptographic Issues vulnerability in Bilingual Magic Ball Project Bilingual Magic Ball 0.1

The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7445 Jowangel Cryptographic Issues vulnerability in Jowangel Legend of Trance 1

The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7444 Baidu Cryptographic Issues vulnerability in Baidu Navigation 3.5.0

The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7443 Face FUN Photo Collage Maker Project Cryptographic Issues vulnerability in Face FUN Photo Collage Maker Project Face FUN Photo Collage Maker 2 1.3.0

The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7441 Pakan KEN Tube Project Cryptographic Issues vulnerability in Pakan KEN Tube Project Pakan KEN Tube 0.1

The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7439 Beneplus Cryptographic Issues vulnerability in Beneplus Bene+ Odmeny A Slevy 1.2.3

The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7437 Love Horoscope Guide Project Cryptographic Issues vulnerability in Love Horoscope Guide Project Love Horoscope Guide 1

The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7436 SOS Recette Project Cryptographic Issues vulnerability in SOS Recette Project SOS Recette 1

The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7435 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps AJD Bail Bonds 1.1

The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7434 RTS Cryptographic Issues vulnerability in RTS Rtsinfo 1.4.8

The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7433 Hioa Cryptographic Issues vulnerability in Hioa Student ID 1.2

The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7432 Rama Palaniappan Cryptographic Issues vulnerability in Rama-Palaniappan Calculatorapp 4

The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7431 Standardchartered Cryptographic Issues vulnerability in Standardchartered Breeze Jersey 1

The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7430 Flood IT Project Cryptographic Issues vulnerability in Flood-It Project Flood-It 4.2

The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7428 7725 Cryptographic Issues vulnerability in 7725 7725.Com Three Kingdoms 2.4

The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7427 Hunting Trophy Whitetails Project Cryptographic Issues vulnerability in Hunting Trophy Whitetails Project Hunting Trophy Whitetails 0.75.13441.88885

The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application 0.75.13441.88885 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7425 Doodlegod Cryptographic Issues vulnerability in Doodlegod Doodle Devil Free 2.1.4

The Doodle Devil Free (aka com.joybits.doodledevil_free) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7424 Quranedu Cryptographic Issues vulnerability in Quranedu Quran ABU Bakr Ashshatiri Free 1

The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7423 Magzter Cryptographic Issues vulnerability in Magzter Youth Incorporated 3

The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7422 Homerelectric Cryptographic Issues vulnerability in Homerelectric HEA Mobile 1.153.0034

The HEA Mobile (aka com.homerelectric.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7421 Mytoursapp Cryptographic Issues vulnerability in Mytoursapp Revel in the Rideau Lakes 1.0.6

The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7420 Magzter Cryptographic Issues vulnerability in Magzter Just Bureaucracy 3.0.1

The Just Bureaucracy (aka com.magzter.justbureaucracy) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7419 Pokecreator Cryptographic Issues vulnerability in Pokecreator Lite 1.1

The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7418 Magzter Cryptographic Issues vulnerability in Magzter BBC Knowledge Magazine 3.01

The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7417 Realacademiabellasartessanfernando Cryptographic Issues vulnerability in Realacademiabellasartessanfernando Real Academia DE Bellas Artes 1

The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7416 Pocketmags Cryptographic Issues vulnerability in Pocketmags Craft Stamper Magazine @7F080183

The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7415 Nobexrc Cryptographic Issues vulnerability in Nobexrc Asylum! 3.3.10

The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7414 Magzter Cryptographic Issues vulnerability in Magzter Cleo Malaysia 3.01

The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7413 Nakodabhairav Cryptographic Issues vulnerability in Nakodabhairav Rajendra Suriji 1.1

The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7410 Aliakay Cryptographic Issues vulnerability in Aliakay Aptallik Testi 4

The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7409 Djogjahotel Cryptographic Issues vulnerability in Djogjahotel Liburan Hemat 1

The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7408 Garyjohnson2012 Cryptographic Issues vulnerability in Garyjohnson2012 Gary Johnson for President '12 0.75.13439.53899

The Gary Johnson for President '12 (aka com.GaryJohnson2012) application 0.75.13439.53899 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7407 Mygamedaytix Cryptographic Issues vulnerability in Mygamedaytix Game DAY TIX 2.4

The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7406 Deakin Cryptographic Issues vulnerability in Deakin University 1.1.729.1694

The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7405 Appbasedtechnologies Cryptographic Issues vulnerability in Appbasedtechnologies Belaire Family Orthodontics 1.304

The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7403 Nzhondas Cryptographic Issues vulnerability in Nzhondas Nzhondas.Com 3.6.14

The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7402 Encardirect Cryptographic Issues vulnerability in Encardirect SK Encar @7F050000

The SK encar (aka com.encardirect.app) application @7F050000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7399 Susanglathar Cryptographic Issues vulnerability in Susanglathar Suzanne Glathar 1.399

The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7398 Buronya Cryptographic Issues vulnerability in Buronya DIL Bilgisi Kurallari 1

The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7397 Byfes Cryptographic Issues vulnerability in Byfes Ileri Gazetesi - Yozgat 1

The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7396 Pocketknife Bravo Super Project Cryptographic Issues vulnerability in Pocketknife Bravo Super Project Pocketknife Bravo Super 0.54.13345.33028

The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application 0.54.13345.33028 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7395 Usfbcm Cryptographic Issues vulnerability in Usfbcm USF BCM 252847

The USF BCM (aka com.appmakr.app193115) application 252847 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7394 Alaaliwat Cryptographic Issues vulnerability in Alaaliwat Www.Alaaliwat.Com 4.9

The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7393 Mbtcreations Cryptographic Issues vulnerability in Mbtcreations 100 Beauty Tips 1.1

The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7392 Avto Russia Cryptographic Issues vulnerability in Avto-Russia Russian Federation Traffic Rules 1.21

The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7391 Pintsized Cryptographic Issues vulnerability in Pintsized Synx Addictive Puzzle Game 1

The Synx addictive puzzle game (aka us.synx.mobile.play) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7390 Tabtale Cryptographic Issues vulnerability in Tabtale Enchanted Fashion Crush 1.0.0

The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7389 Nobexrc Cryptographic Issues vulnerability in Nobexrc Amnesia Groove 3.2.3

The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7388 Magzter Cryptographic Issues vulnerability in Magzter Sunday Indian Oriya 3.0.1

The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7387 Accadvocacy Cryptographic Issues vulnerability in Accadvocacy ACC Advocacy Action 2

The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7385 Aperturemobilemedia Cryptographic Issues vulnerability in Aperturemobilemedia Aperture Mobile Media 1.404

The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7384 Userfriendlymedia Cryptographic Issues vulnerability in Userfriendlymedia Joe's Lawn Service 1.5

The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7382 Alternative Connection Project Cryptographic Issues vulnerability in Alternative Connection Project Alternative Connection 0.1

The Alternative Connection (aka com.wAlternativeConnection) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7380 Apps2You Cryptographic Issues vulnerability in Apps2You Cedar Kiosk 1.1

The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7379 Eigenwinkelapp Cryptographic Issues vulnerability in Eigenwinkelapp Kiddie Kinderschoenen 1

The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7378 Jobranco Project Cryptographic Issues vulnerability in Jobranco Project Jobranco 1.1

The Jobranco (aka com.jobranco) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7376 Facebook Profits ON Steroids Project Cryptographic Issues vulnerability in Facebook Profits ON Steroids Project Facebook Profits ON Steroids 0.1

The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7375 Mobileappcity Cryptographic Issues vulnerability in Mobileappcity Childcare 1.399

The Childcare (aka com.app_macchildcare.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7374 Narr8 Cryptographic Issues vulnerability in Narr8 Spin - Motion Comic 2.1.7

The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7373 Magzter Cryptographic Issues vulnerability in Magzter Inspire Weddings 3

The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7372 Kellygerards Cryptographic Issues vulnerability in Kellygerards Mr.Sausage 1.301

The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7371 Appearingbusiness Cryptographic Issues vulnerability in Appearingbusiness Magic Balloonman Marty Boone 1.4

The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7370 Mobleeps Cryptographic Issues vulnerability in Mobleeps JOB Mobleeps 0.1

The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7369 Galsila Cryptographic Issues vulnerability in Galsila IL Brillo Parlante 0.1

The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7368 Creatingahaven Cryptographic Issues vulnerability in Creatingahaven Compassion Satisfaction 0.75.13440.35155

The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7367 TUS Radis Cryptographic Issues vulnerability in Tus-Radis TUS 1947 Radis 1

The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7366 Magzter Cryptographic Issues vulnerability in Magzter Identity 3.01

The Identity (aka com.magzter.identity) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7364 Promotionalshop Cryptographic Issues vulnerability in Promotionalshop Promotional Items 0.1

The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7362 Naranjascontocados Cryptographic Issues vulnerability in Naranjascontocados Naranjas CON Tocados 0.1

The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7361 Emunching Cryptographic Issues vulnerability in Emunching Harry's PUB 1.0.0

The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7360 Health Cryptographic Issues vulnerability in Health HOW TO Boil Eggs 251333

The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7359 Elsio Cryptographic Issues vulnerability in Elsio Mapa DA Mina 0.1

The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7358 Concursive Cryptographic Issues vulnerability in Concursive Vermont Powder 4.1

The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7357 Bfac Cryptographic Issues vulnerability in Bfac Grandparenting IS Great 1.4

The Grandparenting is Great (aka com.app_gig.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7354 Magzter Cryptographic Issues vulnerability in Magzter Penumbra Emag 3

The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7353 Jazan 24 Project Cryptographic Issues vulnerability in Jazan 24 Project Jazan 24 1

The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7352 India S Anthem Project Cryptographic Issues vulnerability in India's Anthem Project India's Anthem 1

The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7351 Magzter Cryptographic Issues vulnerability in Magzter Global Movie Magazine 3

The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7348 Magzter Cryptographic Issues vulnerability in Magzter HOT Cars 3

The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7346 Magzter Cryptographic Issues vulnerability in Magzter Bespoke 3

The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7345 Diychatroom Cryptographic Issues vulnerability in Diychatroom 3.4.0

The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7344 Pocketmags Cryptographic Issues vulnerability in Pocketmags Classic Arms & Militaria @7F080193

The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7342 Echonewshk Cryptographic Issues vulnerability in Echonewshk Echo News Beta

The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7341 Sasync Cryptographic Issues vulnerability in Sasync 1.2.0

The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7340 Pocketmags Cryptographic Issues vulnerability in Pocketmags OLD Bike Mart @7F08017E

The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F08017E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7339 Makeitpossible Cryptographic Issues vulnerability in Makeitpossible Cuanto Conoces A UN Amigo 2

The Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7338 Faailkhair Cryptographic Issues vulnerability in Faailkhair 1

The faailkhair (aka com.faailkhair.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7337 Estateapps Cryptographic Issues vulnerability in Estateapps Acorn Estate Agents 3.1

The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7336 Princetoncorporatesolutions Cryptographic Issues vulnerability in Princetoncorporatesolutions Taking Your Company Public 1.28.44.441

The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application 1.28.44.441 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7335 NYC Cryptographic Issues vulnerability in NYC Liver Health - Hepatitis C 2.0.0

The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7334 Magzter Cryptographic Issues vulnerability in Magzter Where Dallas 3.0.2

The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7333 Qmania Cryptographic Issues vulnerability in Qmania Aloha Guide 1.3

The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7331 Todaysseniorsnetwork Cryptographic Issues vulnerability in Todaysseniorsnetwork 0.21.13245.84038

The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0.21.13245.84038 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7330 Xtendcu Cryptographic Issues vulnerability in Xtendcu Mobile 1.0.28

The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7329 Digifi Cryptographic Issues vulnerability in Digifi Motoring Classics 1.8.6

The Motoring Classics (aka com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7328 Brainabundance Cryptographic Issues vulnerability in Brainabundance Brain Abundance Info 0.1

The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7327 Magzter Cryptographic Issues vulnerability in Magzter Macau Business 3

The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7326 En2Grate Cryptographic Issues vulnerability in En2Grate ETA Mobile 1.6.6

The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7325 Magzter Cryptographic Issues vulnerability in Magzter Business Intelligence 3

The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7323 Magzter Cryptographic Issues vulnerability in Magzter Dignity Dialogue 3

The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7321 Offertaviaggi Cryptographic Issues vulnerability in Offertaviaggi Firenze MAP 0.1

The Firenze map (aka com.wFirenzemap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7320 Shirakaba Project Cryptographic Issues vulnerability in Shirakaba Project Shirakaba 1

The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7317 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Aloha Bail Bonds 1.1

The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7316 Synrevoice Cryptographic Issues vulnerability in Synrevoice Safe Arrival 1.2

The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7315 Magzter Cryptographic Issues vulnerability in Magzter Where Atlanta 3.0.2

The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7314 Magzter Cryptographic Issues vulnerability in Magzter Intelligent SME 3

The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7313 ONE YOU Fitness Project Cryptographic Issues vulnerability in ONE YOU Fitness Project ONE YOU Fitness 1.399

The One You Fitness (aka com.app_oneyou.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7310 ALI Visual Project Cryptographic Issues vulnerability in ALI Visual Project ALI Visual 1

The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7309 Where2Stop Cryptographic Issues vulnerability in Where2Stop Where2Stop-Cardlocks-Free 6.1

The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application 6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7307 Forosocuellamos Cryptographic Issues vulnerability in Forosocuellamos 1.1

The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7135 Ayuntamientodecoana Cryptographic Issues vulnerability in Ayuntamientodecoana Ayuntamiento DE Coana 0.2

The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7134 Skydreams Cryptographic Issues vulnerability in Skydreams Prof. Usman ALI Awheela 2.1

The PROF.

5.4
2014-10-19 CVE-2014-7132 Jambatan PBB Semporna Project Cryptographic Issues vulnerability in Jambatan PBB Semporna Project Jambatan PBB Semporna 13523.82613

The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7131 Core Apps Cryptographic Issues vulnerability in Core-Apps Digital Content Newfronts 2014 6.0.7.6

The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7129 Gannett Cryptographic Issues vulnerability in Gannett Argus Leader Print Edition 6.7

The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7128 Toyotaownersclub Cryptographic Issues vulnerability in Toyotaownersclub Toyota OC 3.6.1

The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7127 Pocketmags Cryptographic Issues vulnerability in Pocketmags Football Espana Magazine @7F0801Aa

The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7125 Magzter Cryptographic Issues vulnerability in Magzter Motor 3

The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7124 Consulo Cryptographic Issues vulnerability in Consulo IP Alarm 1.4

The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7123 Vbwebdesigner Cryptographic Issues vulnerability in Vbwebdesigner Brevir Harian V2 2

The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7122 Gannett Cryptographic Issues vulnerability in Gannett Lansing State Journal Print 6.7

The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7121 Magzter Cryptographic Issues vulnerability in Magzter Dhanam 3.1

The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7120 Pocketmags Cryptographic Issues vulnerability in Pocketmags Model Laboratory @7F080193

The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7119 Ecolehoangnam Cryptographic Issues vulnerability in Ecolehoangnam Gnam 2013 1

The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7118 Itography Cryptographic Issues vulnerability in Itography Item Hunt 3.0.3

The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7117 Forestarea Cryptographic Issues vulnerability in Forestarea Forest Area FCU Mobile 1.0.29

The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7116 Pocketmags Cryptographic Issues vulnerability in Pocketmags NRA Journal @7F080181

The NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7115 Mailgod Cryptographic Issues vulnerability in Mailgod Letters TO GOD - Soc. Network 0.1

The Letters to God - soc.

5.4
2014-10-19 CVE-2014-7113 Nasa Universe Wallpapers Xeus Project Cryptographic Issues vulnerability in Nasa Universe Wallpapers Xeus Project Nasa Universe Wallpapers Xeus 1

The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7111 Android Excellence Project Cryptographic Issues vulnerability in Android Excellence Project Android Excellence 1.4.1

The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7109 Nesvarnik Cryptographic Issues vulnerability in Nesvarnik 1

The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7108 Appbelle Cryptographic Issues vulnerability in Appbelle Stop Headaches and Migraines 1.2

The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7100 Sm3Ny Cryptographic Issues vulnerability in Sm3Ny Www.Sm3Ny.Com 1

The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7084 Ireadercity Cryptographic Issues vulnerability in Ireadercity Hesheng 80 3.0.2

The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7083 Jiujik Cryptographic Issues vulnerability in Jiujik JIU JIK 1.4.0

The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7080 Sigong Ebook Project Cryptographic Issues vulnerability in Sigong Ebook Project Sigong Ebook 1.0.0

The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7079 Cybird Cryptographic Issues vulnerability in Cybird Romeo and Juliet 1.0.6

The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7075 Happycloud Cryptographic Issues vulnerability in Happycloud Happy 2

The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7070 AIR WAR Hero Project Cryptographic Issues vulnerability in AIR WAR Hero Project AIR WAR Hero 3

The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7056 Yeast Infection Project Cryptographic Issues vulnerability in Yeast Infection Project Yeast Infection 0.1

The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7052 CWS Cryptographic Issues vulnerability in CWS Sahab-Alkher.Com 2.4.9.7

The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7107 Magzter Cryptographic Issues vulnerability in Magzter Human Factor 3.01

The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7106 PP Solution Cryptographic Issues vulnerability in Pp-Solution Orakel-Ball 0.2

The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7104 Johtru Cryptographic Issues vulnerability in Johtru Gymnoovp 1.2

The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7103 Oskarshamnsliv Project Cryptographic Issues vulnerability in Oskarshamnsliv Project Oskarshamnsliv 6

The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7102 Quotezone Cryptographic Issues vulnerability in Quotezone CAR Insurance Quote Comparison 2.3

The Car Insurance Quote Comparison (aka com.seopa.quotezone) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7101 Nobexrc Cryptographic Issues vulnerability in Nobexrc Talk Radio Europe 3.3.10

The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7099 Magzter Cryptographic Issues vulnerability in Magzter Woodcraft Magazine 3

The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7098 Fylet Cryptographic Issues vulnerability in Fylet Secure Large File Sender 2

The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7093 Pocketmags Cryptographic Issues vulnerability in Pocketmags Superbike Magazine @7F08017A

The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7092 Ubooly Cryptographic Issues vulnerability in Ubooly 4.3.0

The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7091 NBA Cryptographic Issues vulnerability in NBA Sacramento Kings 6.0.8

The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7090 Vcccd Cryptographic Issues vulnerability in Vcccd Myvcccd 1.4.14

The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7089 Appsgeyser Cryptographic Issues vulnerability in Appsgeyser Competition Information 0.1

The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7088 JDM Lifestyle Project Cryptographic Issues vulnerability in JDM Lifestyle Project JDM Lifestyle 6.4

The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7087 Appa Apps Cryptographic Issues vulnerability in Appa-Apps TOP Roller Coasters Europe 1 @7F050001

The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7086 Killer Screen Lock Project Cryptographic Issues vulnerability in Killer Screen Lock Project Killer Screen Lock 0.5

The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7085 Independent Cryptographic Issues vulnerability in Independent I Newspaper @7F080184

The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7082 Imapp Cryptographic Issues vulnerability in Imapp NO Disturb 3.3

The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7078 Payoneer Sign UP Project Cryptographic Issues vulnerability in Payoneer Sign UP Project Payoneer Sign UP 0.1

The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7077 Gcefcu Cryptographic Issues vulnerability in Gcefcu Gulf Coast Educators FCU 1.0.27

The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7076 Magzter Cryptographic Issues vulnerability in Magzter Sanctuary Asia 3

The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7073 Andrew Magdy Kamal S Network Project Cryptographic Issues vulnerability in Andrew Magdy Kamal'S Network Project Andrew Magdy Kamal'S Network 0.1

The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7072 Offertaviaggi Cryptographic Issues vulnerability in Offertaviaggi Venezia MAP 0.1

The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7071 Magzter Cryptographic Issues vulnerability in Magzter Autocar India 3.03

The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7069 Aventinobrand Cryptographic Issues vulnerability in Aventinobrand Aventino Brand 2.2

The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7068 Neumann Cryptographic Issues vulnerability in Neumann Student Activities 216607

The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7067 Appsgeyser Cryptographic Issues vulnerability in Appsgeyser Btd5 Videos 0.1

The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7066 Magzter Cryptographic Issues vulnerability in Magzter Legalera 3

The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7065 Ukbusinessaid Cryptographic Issues vulnerability in Ukbusinessaid Nigerias Business Directory 0.70.13414.17619

The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7064 Ben10 Omniverse Walkthrough Project Cryptographic Issues vulnerability in Ben10 Omniverse Walkthrough Project Ben10 Omniverse Walkthrough 0.7

The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application 0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7063 Bikersromagna Cryptographic Issues vulnerability in Bikersromagna Bikers Romagna 1

The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7062 Association MIN Ajlik Project Cryptographic Issues vulnerability in Association MIN Ajlik Project Association MIN Ajlik 1

The Association Min Ajlik (aka com.association.min.ajlik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7061 Modsimconnected Cryptographic Issues vulnerability in Modsimconnected Modsim World 2014 2.0.0

The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7060 Yourtango Cryptographic Issues vulnerability in Yourtango Your Tango 1

The Your Tango (aka com.your.tango) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7059 Thedevildoggamer Project Cryptographic Issues vulnerability in Thedevildoggamer Project Thedevildoggamer 1

The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7058 Efendimizin Sunnetleri Project Cryptographic Issues vulnerability in Efendimizin Sunnetleri Project Efendimizin Sunnetleri 2.1

The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7057 Magzter Cryptographic Issues vulnerability in Magzter Hong Kong Tatler Society 3

The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7055 Quickmobile Cryptographic Issues vulnerability in Quickmobile Ncci'S Annual Issues Symposium 1

The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7054 Nobexrc Cryptographic Issues vulnerability in Nobexrc Musica DE Barrios Sonideros 3.3.10

The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-19 CVE-2014-7053 Citystar Cryptographic Issues vulnerability in Citystar City Star ME 1

The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-18 CVE-2014-4428 Apple Cryptographic Issues vulnerability in Apple Mac OS X

Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.

5.4
2014-10-16 CVE-2014-7050 Givenu Cryptographic Issues vulnerability in Givenu Give 1.5.3

The givenu give (aka com.givenu.give) application 1.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7049 Somcloud Cryptographic Issues vulnerability in Somcloud Somtodo - Task/To-Do Widget 2.0.3

The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7048 Bearidlock Cryptographic Issues vulnerability in Bearidlock Bear ID Lock 0.1

The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7045 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Bust OUT Bail 1.1

The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7044 Street Walker Project Cryptographic Issues vulnerability in Street Walker Project Street Walker 0.0.1

The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7043 Cadpage Cryptographic Issues vulnerability in Cadpage 1.7.44

The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7042 Nteloswireless Cryptographic Issues vulnerability in Nteloswireless MY Ntelos 1.1.2

** DISPUTED ** The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7041 Simbiotnetwork Cryptographic Issues vulnerability in Simbiotnetwork Simgene 1.3

The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7040 Unicreditgroup Cryptographic Issues vulnerability in Unicreditgroup Unicredit Investors 1

The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7039 Roguewaveproductionsllc Cryptographic Issues vulnerability in Roguewaveproductionsllc Wild Women United 1

The Wild Women United (aka com.wildwomenunited) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7038 AL Jazeera Project Cryptographic Issues vulnerability in AL Jazeera Project AL Jazeera 6.0

The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7037 Kuronecostudio Cryptographic Issues vulnerability in Kuronecostudio Noble Sticker Free 1.0.7

The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7036 Questfcu Cryptographic Issues vulnerability in Questfcu Quest Federal CU Mobile 1.0.27

The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7035 Harmonizers Planet Project Cryptographic Issues vulnerability in Harmonizers Planet Project Harmonizers Planet 2.3.4

The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7034 Senatorinn Cryptographic Issues vulnerability in Senatorinn Senator INN & SPA 1.2.2.160

The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application 1.2.2.160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7033 Curecos Cryptographic Issues vulnerability in Curecos Cure Viewer 1.03

The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7032 Myhabit Cryptographic Issues vulnerability in Myhabit @7F080041

The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7031 Redatoms Cryptographic Issues vulnerability in Redatoms Three 2.5

The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7030 Tejonstore Cryptographic Issues vulnerability in Tejonstore Dieta Dukan Passo A Passo 1

The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7029 Ticstyle Cryptographic Issues vulnerability in Ticstyle Bultmonster Registret 1.1

The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7028 Myapp Cryptographic Issues vulnerability in Myapp Ibis PAU Centre 1

The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7027 Pimpstore Cryptographic Issues vulnerability in Pimpstore Esercizi PER LE Donne 1

The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7026 Lifetimefitness Cryptographic Issues vulnerability in Lifetimefitness Life Time Fitness 1.9

The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7025 Whoisit

The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7024 Pdlk Cryptographic Issues vulnerability in Pdlk Hardest Game Collection 1.5.0

The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7023 Find Color Project Cryptographic Issues vulnerability in Find Color Project Find Color 1.1.1

The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7022 Modelisme Cryptographic Issues vulnerability in Modelisme Modelisme.Com Forum/Portail 3.6.9

The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7021 LEG Surgery Kids Games Project Cryptographic Issues vulnerability in LEG Surgery - Kids Games Project LEG Surgery - Kids Games 1.0.2

The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7020 Diabetes Cryptographic Issues vulnerability in Diabetes Forum 3.9.30

The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7019 Blynk Cryptographic Issues vulnerability in Blynk Clarks INN 3.3.0

The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7018 Efunfun Cryptographic Issues vulnerability in Efunfun Love Dance 1.2.0626

The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7017 TIM BAN BON Phuong Project Cryptographic Issues vulnerability in TIM BAN BON Phuong Project TIM BAN BON Phuong 2.2

The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7016 Mahasna Batik Project Cryptographic Issues vulnerability in Mahasna Batik Project Mahasna Batik 1

The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7015 Jjmatch Cryptographic Issues vulnerability in Jjmatch JJ Texas Hold'Em Poker 1.13.23.Hd

The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7013 Funny Photo Color Editor Project Cryptographic Issues vulnerability in Funny Photo Color Editor Project Funny Photo Color Editor 0.0.4

The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7012 Coffee INN Cryptographic Issues vulnerability in Coffee-Inn Coffee INN 2.0.1

The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7011 Nwtc Cryptographic Issues vulnerability in Nwtc Mobile 1.4.17

The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7010 Utsa Cryptographic Issues vulnerability in Utsa Mobile 1.4.21

The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7009 Hkbn Cryptographic Issues vulnerability in Hkbn MY Account @7F070015

The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7008 Frandroid Cryptographic Issues vulnerability in Frandroid Forum Frandroid Beta 3.4.3

The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7007 Nobexrc Cryptographic Issues vulnerability in Nobexrc Master MIX 3.3.5

The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7006 Apheliontechnologies Cryptographic Issues vulnerability in Apheliontechnologies Hydfm 1.1.9

The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7005 Foconet Cryptographic Issues vulnerability in Foconet 1

The Foconet (aka suporte.com.foconet) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7004 Peta Cryptographic Issues vulnerability in Peta 1.1

The PETA (aka com.peta.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7003 Goodwinproject Cryptographic Issues vulnerability in Goodwinproject Goodwin 1.15

The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7002 Goomeo Cryptographic Issues vulnerability in Goomeo Sopexa Pavillon France 3.6.5

The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7001 Ijianren Cryptographic Issues vulnerability in Ijianren Jian REN 1.5.1

The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-7000 Paulalexanderformayor Cryptographic Issues vulnerability in Paulalexanderformayor Paul Alexander Campaign 4.5.8

The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6999 Jogoeusei Cryptographic Issues vulnerability in Jogoeusei Questoes OAB 1.2

The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6998 Smartstudy Cryptographic Issues vulnerability in Smartstudy Pinkfong TV 4

The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6997 Itiw Webdev Cryptographic Issues vulnerability in Itiw-Webdev Dino Village 1.6

The Dino Village (aka com.tappocket.dinovillage) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6996 Cocodigi Cryptographic Issues vulnerability in Cocodigi Martial Arts Battle Card 1.0.9

The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application 1.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6995 Adidas Cryptographic Issues vulnerability in Adidas Eyewear 1.2

The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6994 Atecea Cryptographic Issues vulnerability in Atecea 1.2

The Atecea (aka com.atecea) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6993 Codeeta Cryptographic Issues vulnerability in Codeeta Coupons 1.0.5

The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6992 Timelessblack Cryptographic Issues vulnerability in Timelessblack Timeless Black 2.10.6

The Timeless Black (aka com.apptive.android.apps.timeless) application 2.10.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6991 Liveauctions Cryptographic Issues vulnerability in Liveauctions Liveauctions.Tv 2.005

The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6990 Albasit Artes Y Danza Project Cryptographic Issues vulnerability in Albasit Artes Y Danza Project Albasit Artes Y Danza 1.2

The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6989 Germanwings Cryptographic Issues vulnerability in Germanwings 2.1.13

The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6988 Lumberapps Cryptographic Issues vulnerability in Lumberapps Quotes in Images 3.7.5

The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6987 Mass Gaming TV Project Cryptographic Issues vulnerability in Mass Gaming TV Project Mass Gaming TV 1

The Mass Gaming TV (aka net.massgamers) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6986 Fotoschilenas Cryptographic Issues vulnerability in Fotoschilenas Pregnancy Tips 1

The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6985 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Georgia Packing 3.9.16

The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6984 Shots Cryptographic Issues vulnerability in Shots 1.0.8

The Shots (aka com.shots.android) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6983 NBE Cryptographic Issues vulnerability in NBE 1.1

The NBE (aka com.nbe.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6982 Arabic Troll Football Project Cryptographic Issues vulnerability in Arabic Troll Football Project Arabic Troll Football 1.0.1

The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6981 TBB Cryptographic Issues vulnerability in TBB Taiwan Business Bank 2.04

The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6980 Naver Cryptographic Issues vulnerability in Naver Line Play 2.3.1.1

The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6979 Miway Cryptographic Issues vulnerability in Miway Insurance LTD 1.2

The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6978 Grouperahal Cryptographic Issues vulnerability in Grouperahal Karim Rahal Essoulami 1

The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6977 Chattanoogastate Cryptographic Issues vulnerability in Chattanoogastate Elearn 1.0.649.1194

The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application 1.0.649.1194 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6976 Aeroexpress Cryptographic Issues vulnerability in Aeroexpress 2.6.2

The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6975 Twin LIN Project Cryptographic Issues vulnerability in Twin LIN Project Twin LIN 5

The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6974 Mifashow Cryptographic Issues vulnerability in Mifashow Hairstyles 3.7

The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6973 Akronchildrens Cryptographic Issues vulnerability in Akronchildrens Care4Kids 1.03

The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6972 Kazakhstan Radio Project Cryptographic Issues vulnerability in Kazakhstan Radio Project Kazakhstan Radio 2.5

The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6971 Easy Video Downloader Project Cryptographic Issues vulnerability in Easy Video Downloader Project Easy Video Downloader 4.4.1

The Easy Video Downloader (aka com.simon.padillar.EasyVideo) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6970 Graphicstylus Cryptographic Issues vulnerability in Graphicstylus North American Ismaili Games 5.26.2

The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6969 Blynk Cryptographic Issues vulnerability in Blynk Deltin Suites 3.4.1

The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6968 Mobileappsuite Cryptographic Issues vulnerability in Mobileappsuite Grandma'S Grotto 1

The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6967 Vivonet Cryptographic Issues vulnerability in Vivonet Albion College 2.1.16

The Albion College (aka com.vivomobile.albioncollege) application 2.1.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6966 Parentlink Cryptographic Issues vulnerability in Parentlink West Bend School District 4.0.500

The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6965 FAZ Cryptographic Issues vulnerability in FAZ Faz.Net 1.0.1

The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6964 Hyonga Cryptographic Issues vulnerability in Hyonga Hanyang University Admissions 2.1.3

The Hanyang University Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6963 Feiron Cryptographic Issues vulnerability in Feiron 1.1

The feiron (aka es.sw.feironmobile.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6962 Publicstuff Cryptographic Issues vulnerability in Publicstuff ELK Grove Publicstuff 3.2

The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6961 Sudaninet Cryptographic Issues vulnerability in Sudaninet 2

The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6960 Sourcelink Cryptographic Issues vulnerability in Sourcelink Multitrac 1.04

The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6959 Haowanlab Cryptographic Issues vulnerability in Haowanlab Qincard 2

The QinCard (aka com.haowan.qincard) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6958 Core Apps Cryptographic Issues vulnerability in Core-Apps Ismrm-Esmrmb 2014 6.0.8.5

The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6957 Boopsie Cryptographic Issues vulnerability in Boopsie Scottcolibmn 4.5.110

The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6956 Misterpark Cryptographic Issues vulnerability in Misterpark Hydrogen Water 1

The Hydrogen Water (aka com.appzone628) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6955 Misterpark Cryptographic Issues vulnerability in Misterpark LE Grand Bleu 1

The Le Grand Bleu (aka com.appzone468) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6954 Deer Hunting Calls Guide Project Cryptographic Issues vulnerability in Deer Hunting Calls + Guide Project Deer Hunting Calls + Guide 4.0.1

The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-6953 Afterlifewitharchie Cryptographic Issues vulnerability in Afterlifewitharchie Afterlife With Archie 2.4.1

The AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-16 CVE-2014-4881 Partytrack Library Project Cryptographic Issues vulnerability in Partytrack Library Project Partytrack Library

The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6952 Manga Facts Project Cryptographic Issues vulnerability in Manga Facts Project Manga Facts 1

The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6951 Onefile Cryptographic Issues vulnerability in Onefile Ignite 1.19

The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6950 Civitasmedia Cryptographic Issues vulnerability in Civitasmedia MT. Airy News 1.0069.B0069

The Mt.

5.4
2014-10-15 CVE-2014-6949 Fotoschilenas Cryptographic Issues vulnerability in Fotoschilenas Akne Ernahrung 1

The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6948 Th3Professional Cryptographic Issues vulnerability in Th3Professional TH3 Professional AL Mohtarif 1

The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6947 Iversemedia Cryptographic Issues vulnerability in Iversemedia Archie Comics 1.07

The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6946 Misterpark Cryptographic Issues vulnerability in Misterpark Re:Kyu 1

The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6945 Dakshaa Cryptographic Issues vulnerability in Dakshaa Neeku Naaku Dash 1

The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6944 Mitfahrgelegenheit Cryptographic Issues vulnerability in Mitfahrgelegenheit Mitfahrgelegenheit.At 2.3.0

The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6943 Koenigsleiten77 Cryptographic Issues vulnerability in Koenigsleiten77 Konigsleiten 1

The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-15 CVE-2014-6942 Automon Cryptographic Issues vulnerability in Automon Alisha Marie 1.4.0.6

The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-17 CVE-2014-2278 Seeddms Improper Input Validation vulnerability in Seeddms

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.

5.1
2014-10-19 CVE-2014-7191 Nodejs Resource Management Errors vulnerability in Nodejs Node.Js

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

5.0
2014-10-19 CVE-2014-5425 Ioserver Resource Management Errors vulnerability in Ioserver 1.0.18.0/1.0.19.0

IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header.

5.0
2014-10-19 CVE-2014-3381 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.

5.0
2014-10-19 CVE-2014-3021 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

5.0
2014-10-18 CVE-2014-4417 Apple Improper Input Validation vulnerability in Apple mac OS X

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

5.0
2014-10-17 CVE-2014-2064 Jenkins Information Exposure vulnerability in Jenkins

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.

5.0
2014-10-17 CVE-2014-2061 Jenkins Cryptographic Issues vulnerability in Jenkins

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.

5.0
2014-10-17 CVE-2014-2060 Jenkins Unspecified vulnerability in Jenkins

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.

5.0
2014-10-16 CVE-2014-8316 SAP Unspecified vulnerability in SAP Businessobjects Explorer 14.0.5

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.

5.0
2014-10-16 CVE-2014-8315 SAP Information Exposure vulnerability in SAP Businessobjects Explorer 14.0.5

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on whether a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.

5.0
2014-10-16 CVE-2014-8309 SAP Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generate error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.

5.0
2014-10-16 CVE-2014-3679 Jenkins CI Information Disclosure vulnerability in Monitoring Plugin

The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.

5.0
2014-10-16 CVE-2014-3662 Jenkins / Redhat Information Exposure vulnerability in Jenkins

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

5.0
2014-10-16 CVE-2014-3661 Redhat / Jenkins Resource Management Errors vulnerability in multiple products

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

5.0
2014-10-15 CVE-2014-6519 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.

5.0
2014-10-15 CVE-2014-6517 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.

5.0
2014-10-15 CVE-2014-6515 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.

5.0
2014-10-15 CVE-2014-6511 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

5.0
2014-10-15 CVE-2014-6504 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.

5.0
2014-10-15 CVE-2014-6498 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Security.

5.0
2014-10-15 CVE-2014-6490 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.

5.0
2014-10-15 CVE-2014-6476 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.

5.0
2014-10-15 CVE-2014-6472 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539.

5.0
2014-10-15 CVE-2014-6459 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-2476.

5.0
2014-10-15 CVE-2014-4277 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.

5.0
2014-10-15 CVE-2014-2476 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-6459.

5.0
2014-10-15 CVE-2014-2475 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv).

5.0
2014-10-15 CVE-2014-2474 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2476, and CVE-2014-6459.

5.0
2014-10-15 CVE-2014-2473 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl).

5.0
2014-10-15 CVE-2014-2472 Oracle Remote Security vulnerability in Oracle Secure Global Desktop

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2474, CVE-2014-2476, and CVE-2014-6459.

5.0
2014-10-15 CVE-2014-1830 Opensuse / Python Information Exposure vulnerability in multiple products

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

5.0
2014-10-15 CVE-2014-1829 Debian / Python / Canonical / Mageia Information Exposure vulnerability in multiple products

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

5.0
2014-10-15 CVE-2014-1586 Mozilla Security Bypass vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.

5.0
2014-10-15 CVE-2014-1585 Mozilla Security Bypass vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.

5.0
2014-10-15 CVE-2014-1583 Mozilla Same Origin Policy Security Bypass vulnerability in Mozilla Firefox and Firefox ESR

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

5.0
2014-10-15 CVE-2014-1580 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

5.0
2014-10-13 CVE-2014-3091 IBM Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

5.0
2014-10-13 CVE-2014-1572 Fedoraproject / Mozilla Permissions, Privileges, and Access Controls vulnerability in multiple products

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

5.0
2014-10-18 CVE-2014-4434 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.

4.9
2014-10-15 CVE-2014-6557 Oracle Remote Security vulnerability in Oracle Application Performance Management

Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management.

4.9
2014-10-15 CVE-2014-6497 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.

4.9
2014-10-15 CVE-2014-6461 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.2

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Roles & Privileges.

4.9
2014-10-15 CVE-2014-6460 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY.

4.9
2014-10-15 CVE-2014-4275 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.

4.9
2014-10-13 CVE-2014-7975 Linux / Canonical

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.

4.9
2014-10-13 CVE-2014-7970 Novell / Linux / Canonical Resource Exhaustion vulnerability in multiple products

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via .

4.9
2014-10-13 CVE-2014-7283 Linux / Redhat Resource Management Errors vulnerability in multiple products

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

4.9
2014-10-18 CVE-2014-4442 Apple Improper Input Validation vulnerability in Apple mac OS X

The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.

4.7
2014-10-18 CVE-2014-4432 Apple Cryptographic Issues vulnerability in Apple mac OS X

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

4.7
2014-10-18 CVE-2014-4430 Apple Cryptographic Issues vulnerability in Apple mac OS X

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

4.7
2014-10-13 CVE-2014-8086 Linux / Suse Race Condition vulnerability in multiple products

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

4.7
2014-10-18 CVE-2014-4425 Apple Improper Authentication vulnerability in Apple mac OS X

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

4.6
2014-10-15 CVE-2014-4280 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284.

4.6
2014-10-15 CVE-2014-0572 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

4.6
2014-10-18 CVE-2014-4444 Apple Improper Authentication vulnerability in Apple mac OS X

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.

4.4
2014-10-18 CVE-2014-4435 Apple Improper Authentication vulnerability in Apple mac OS X

The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.

4.4
2014-10-15 CVE-2014-4284 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280.

4.4
2014-10-19 CVE-2014-6116 IBM Improper Authentication vulnerability in IBM Websphere MQ 8.0.0.1

The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.

4.3
2014-10-19 CVE-2014-5331 Aptana Cross-Site Scripting vulnerability in Aptana Aflax 1.0

Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-19 CVE-2014-5330 Birdblog Cross-Site Scripting vulnerability in Birdblog

Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-19 CVE-2014-4830 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

4.3
2014-10-19 CVE-2014-4828 IBM Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.

4.3
2014-10-19 CVE-2014-4827 IBM Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-10-19 CVE-2014-4825 IBM Cryptographic Issues vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors.

4.3
2014-10-19 CVE-2014-3568 Openssl Cryptographic Issues vulnerability in Openssl

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

4.3
2014-10-19 CVE-2014-2647 HP Cross-Site Scripting vulnerability in HP Operations Agent

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-18 CVE-2014-4439 Apple Information Exposure vulnerability in Apple mac OS X

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.

4.3
2014-10-18 CVE-2014-4436 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause a denial of service (out-of-bounds read operation) via a crafted application.

4.3
2014-10-18 CVE-2014-4426 Apple Information Exposure vulnerability in Apple mac OS X

AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

4.3
2014-10-17 CVE-2014-2065 Jenkins Cross-Site Scripting vulnerability in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.

4.3
2014-10-16 CVE-2014-8314 SAP Cross-Site Scripting vulnerability in SAP Hana

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.

4.3
2014-10-16 CVE-2014-8308 SAP Cross-Site Scripting vulnerability in SAP Businessobjects 4.0

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-16 CVE-2014-8307 C97 Cross-Site Scripting vulnerability in C97 Cart Engine 3.0

Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php.

4.3
2014-10-16 CVE-2014-8304 IN Portal Cross-Site Scripting vulnerability in In-Portal 4.3.1/5.0

Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.

4.3
2014-10-16 CVE-2014-8303 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing.

4.3
2014-10-16 CVE-2014-8301 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header.

4.3
2014-10-16 CVE-2014-7181 Maxfoundry Cross-Site Scripting vulnerability in Maxfoundry Maxbuttons 1.26.0

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.

4.3
2014-10-16 CVE-2014-7138 Google Calendar Events Project Cross-Site Scripting vulnerability in Google Calendar Events Project Google Calendar Events 2.0.3.1

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.

4.3
2014-10-16 CVE-2014-8296 Drupal Cross-Site Scripting vulnerability in Drupal Modal Frame

Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-15 CVE-2014-6561 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Separate Remittance Advice.

4.3
2014-10-15 CVE-2014-6559 Juniper / Mariadb / Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

4.3
2014-10-15 CVE-2014-6552 Oracle Remote Security vulnerability in Oracle Access Manager

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.

4.3
2014-10-15 CVE-2014-6550 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp.

4.3
2014-10-15 CVE-2014-6539 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472.

4.3
2014-10-15 CVE-2014-6531 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

4.3
2014-10-15 CVE-2014-6522 Oracle Remote Security vulnerability in Oracle JDeveloper

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces.

4.3
2014-10-15 CVE-2014-6516 Oracle Local Security vulnerability in Oracle JD Edwards products 8.98

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC.

4.3
2014-10-15 CVE-2014-6512 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.

4.3
2014-10-15 CVE-2014-6507 Mariadb, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

4.3
2014-10-15 CVE-2014-6496 Juniper, Oracle, Mariadb Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.

4.3
2014-10-15 CVE-2014-6495 Oracle, Juniper Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.

4.3
2014-10-15 CVE-2014-6494 Mariadb, Oracle, Juniper Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

4.3
2014-10-15 CVE-2014-6478 Juniper, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.

4.3
2014-10-15 CVE-2014-6471 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OAM Diagnostics.

4.3
2014-10-15 CVE-2014-6462 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.1.0/11.1.2.2.0

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.

4.3
2014-10-15 CVE-2014-4285 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration.

4.3
2014-10-15 CVE-2014-4283 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.

4.3
2014-10-15 CVE-2014-4281 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Portal Integration.

4.3
2014-10-15 CVE-2014-8293 PHP Resource Cross-Site Scripting vulnerability in PHP Resource Voice of web Allmyguests 0.4.1

Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php.

4.3
2014-10-15 CVE-2014-6312 Login Widget With Shortcode Project Cross-Site Scripting vulnerability in Login Widget With Shortcode Project Login Widget With Shortcode

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.

4.3
2014-10-15 CVE-2014-3681 Redhat, Jenkins Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-15 CVE-2014-4140 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

4.3
2014-10-15 CVE-2014-4122 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 2.0/3.5/3.5.1

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."

4.3
2014-10-15 CVE-2014-4075 Microsoft Cross-Site Scripting vulnerability in Microsoft Asp.Net Model View Controller

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

4.3
2014-10-15 CVE-2014-1584 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

4.3
2014-10-15 CVE-2014-1582 Mozilla Cryptographic Issues vulnerability in Mozilla Firefox

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.

4.3
2014-10-15 CVE-2014-0571 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-10-15 CVE-2014-3566 Redhat, IBM, Apple, Mageia, Novell, Opensuse, Fedoraproject, Openssl, Netbsd, Debian, Oracle Cryptographic Issues vulnerability in multiple products

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3
2014-10-14 CVE-2014-8765 Drupal Cross-Site Scripting vulnerability in Drupal Project Issue File Review

Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.

4.3
2014-10-14 CVE-2014-8069 Yootheme Cross-Site Scripting vulnerability in Yootheme Pagekit 0.8.7

Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php.

4.3
2014-10-14 CVE-2014-6313 Woothemes Cross-Site Scripting vulnerability in Woothemes Woocommerce Plugin

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

4.3
2014-10-13 CVE-2014-8747 Drupal Cross-Site Scripting vulnerability in Drupal Commons

Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.

4.3
2014-10-13 CVE-2014-1573 Fedoraproject, Mozilla Cross-Site Scripting vulnerability in multiple products

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

4.3
2014-10-15 CVE-2014-4274 Oracle Unspecified vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.

4.1
2014-10-17 CVE-2014-7960 Openstack Resource Management Errors vulnerability in Openstack Swift

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

4.0
2014-10-17 CVE-2013-7330 Jenkins Permissions, Privileges, and Access Controls vulnerability in Jenkins

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.

4.0
2014-10-16 CVE-2014-3680 Jenkins, Redhat Information Exposure vulnerability in multiple products

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

4.0
2014-10-16 CVE-2014-3667 Redhat, Jenkins Information Exposure vulnerability in multiple products

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.

4.0
2014-10-15 CVE-2014-6564 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.

4.0
2014-10-15 CVE-2014-6563 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538.

4.0
2014-10-15 CVE-2014-6547 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-6542 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454.

4.0
2014-10-15 CVE-2014-6538 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563.

4.0
2014-10-15 CVE-2014-6534 Oracle Remote Security vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect integrity via vectors related to WLS Console.

4.0
2014-10-15 CVE-2014-6523 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface.

4.0
2014-10-15 CVE-2014-6520 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

4.0
2014-10-15 CVE-2014-6505 Oracle Remote Security vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.

4.0
2014-10-15 CVE-2014-6486 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Talent Acquisition Manager - Security.

4.0
2014-10-15 CVE-2014-6484 Oracle Remote Security vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.

4.0
2014-10-15 CVE-2014-6482 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant.

4.0
2014-10-15 CVE-2014-6479 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration.

4.0
2014-10-15 CVE-2014-6464 Oracle, Mariadb Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.

4.0
2014-10-15 CVE-2014-6457 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

4.0
2014-10-15 CVE-2014-6454 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542.

4.0
2014-10-15 CVE-2014-6452 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542.

4.0
2014-10-15 CVE-2014-4310 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4300 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.

4.0
2014-10-15 CVE-2014-4299 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.

4.0
2014-10-15 CVE-2014-4298 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.

4.0
2014-10-15 CVE-2014-4297 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4296 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4295 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563.

4.0
2014-10-15 CVE-2014-4294 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563.

4.0
2014-10-15 CVE-2014-4293 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4292 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4291 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4290 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.

4.0
2014-10-15 CVE-2014-4287 Oracle Remote Security vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.

4.0
2014-10-15 CVE-2014-3664 Jenkins, Redhat Path Traversal vulnerability in multiple products

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.

4.0
2014-10-13 CVE-2014-1571 Mozilla, Fedoraproject Information Exposure vulnerability in multiple products

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

4.0

42 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-15 CVE-2014-6544 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289.

3.6
2014-10-15 CVE-2014-6543 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM).

3.6
2014-10-15 CVE-2014-4289 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-6544.

3.6
2014-10-15 CVE-2014-7206 Debian Link Following vulnerability in Debian Advanced Package Tool and APT

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

3.6
2014-10-19 CVE-2014-6100 IBM Cross-Site Scripting vulnerability in IBM Security Directory Server and Tivoli Directory Server

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-10-19 CVE-2014-5420 Carefusion Credentials Management vulnerability in Carefusion Pyxis Supplystation 8.1

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.

3.5
2014-10-19 CVE-2014-4838 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-10-19 CVE-2014-4837 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-10-19 CVE-2014-4836 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-10-17 CVE-2014-2995 Twitget Project Cross-Site Scripting vulnerability in Twitget Project Twitget

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

3.5
2014-10-17 CVE-2014-2068 Jenkins Permissions, Privileges, and Access Controls vulnerability in Jenkins

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

3.5
2014-10-17 CVE-2014-8320 Custom Search Project Cross-Site Scripting vulnerability in Custom Search Project Custom Search

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page.

3.5
2014-10-17 CVE-2014-8319 Easy Social Project Cross-Site Scripting vulnerability in Easy Social Project Easy Social

Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title.

3.5
2014-10-17 CVE-2014-8318 Webform Project Cross-Site Scripting vulnerability in Webform Project Webform

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key.

3.5
2014-10-17 CVE-2014-8317 Webform Validation Project Cross-Site Scripting vulnerability in Webform Validation Project Webform Validation

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text.

3.5
2014-10-16 CVE-2014-8312 SAP Unspecified vulnerability in SAP Netweaver Abap 7.31

Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.

3.5
2014-10-16 CVE-2014-8311 SAP Information Disclosure vulnerability in SAP Businessobjects 4.0

SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.

3.5
2014-10-16 CVE-2014-8302 Splunk Cross-Site Scripting vulnerability in Splunk

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.

3.5
2014-10-15 CVE-2014-6536 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.

3.5
2014-10-15 CVE-2014-6487 Oracle Remote Security vulnerability in Oracle Identity Manager

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.

3.5
2014-10-15 CVE-2014-6475 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

3.5
2014-10-15 CVE-2014-6474 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.

3.5
2014-10-13 CVE-2014-8748 Drupal Cross-Site Scripting vulnerability in Drupal Doubleclick for Publishers 7.X1.0/7.X1.1

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name.

3.5
2014-10-13 CVE-2014-8746 Drupal Cross-Site Scripting vulnerability in Drupal Skeleton Theme 7.X1.2/7.X1.3

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

3.5
2014-10-13 CVE-2014-8745 Drupal Cross-Site Scripting vulnerability in Drupal Custom Search Module

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label.

3.5
2014-10-13 CVE-2014-8744 Drupal Cross-Site Scripting vulnerability in Drupal Nivo Slider

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.

3.5
2014-10-13 CVE-2014-8743 Drupal Cross-Site Scripting vulnerability in Drupal Maestro

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.

3.5
2014-10-15 CVE-2014-6463 Oracle Remote Security vulnerability in Oracle MySQL and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.

3.3
2014-10-18 CVE-2014-4440 Apple Information Exposure vulnerability in Apple Mac OS X

The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.

2.6
2014-10-15 CVE-2014-6558 Oracle Unspecified vulnerability in Oracle JDK, JRE and JRockit

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.

2.6
2014-10-15 CVE-2014-6527 Oracle Unspecified vulnerability in Oracle JRE 1.7.0/1.8.0

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.

2.6
2014-10-15 CVE-2014-6502 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.

2.6
2014-10-15 CVE-2014-2478 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.

2.6
2014-10-18 CVE-2014-4446 Apple Permissions, Privileges, and Access Controls vulnerability in Apple OS X Server

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator.

2.1
2014-10-18 CVE-2014-4431 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X

Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.

2.1
2014-10-15 CVE-2014-6551 Oracle Local Security vulnerability in Oracle MySQL and Solaris

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

2.1
2014-10-15 CVE-2014-6501 SUN Local Security vulnerability in SUN SunOS 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.

2.1
2014-10-15 CVE-2014-6488 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control (EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4; EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6) allows remote authenticated users to affect integrity via unknown vectors related to Content Management.

2.1
2014-10-19 CVE-2014-5423 CareFusion Credentials Management vulnerability in CareFusion Pyxis SupplyStation 8.1

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.

1.9
2014-10-19 CVE-2014-4822 IBM Credentials Management vulnerability in IBM WebSphere MQ and WebSphere MQ Explorer

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and WebSphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.

1.9
2014-10-18 CVE-2014-4447 Apple Cryptographic Issues vulnerability in Apple OS X Server

Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.

1.9
2014-10-15 CVE-2014-6540 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.

1.9