CVEs from 2014
Total
7,867
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9844 | medium | 5.5 | 5.5 | 9y ago | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||
| CVE-2014-9853 | medium | 5.5 | 5.5 | 9y ago | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||
| CVE-2014-9645 | medium | 5.5 | 5.5 | 9y ago | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demo… | |||
| CVE-2014-9900 | medium | 5.5 | 5.5 | 10y ago | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure,… | |||
| CVE-2014-9899 | medium | 5.5 | 5.5 | 10y ago | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensit… | |||
| CVE-2014-9898 | medium | 5.5 | 5.5 | 10y ago | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers … | |||
| CVE-2014-9897 | medium | 5.5 | 5.5 | 10y ago | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive… | |||
| CVE-2014-9896 | medium | 5.5 | 5.5 | 10y ago | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtai… | |||
| CVE-2014-9895 | medium | 5.5 | 5.5 | 10y ago | drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows … | |||
| CVE-2014-9894 | medium | 5.5 | 5.5 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to o… | |||
| CVE-2014-9893 | medium | 5.5 | 5.5 | 10y ago | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtai… | |||
| CVE-2014-9892 | medium | 5.5 | 5.5 | 10y ago | The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a ti… | |||
| CVE-2014-9798 | medium | 5.5 | 5.5 | 10y ago | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows atta… | |||
| CVE-2014-9903 | medium | 5.5 | 5.5 | 10y ago | The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memo… | |||
| CVE-2014-2332 | medium | — | 5.5 | 11y ago | Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOT… | |||
| CVE-2014-6129 | medium | — | 5.5 | 11y ago | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.… | |||
| CVE-2014-7882 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-6586 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2014-6576 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidenti… | |||
| CVE-2014-9493 | medium | — | 5.5 | 12y ago | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR… | |||
| CVE-2014-6122 | medium | — | 5.5 | 12y ago | IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows… | |||
| CVE-2014-9363 | medium | — | 5.5 | 12y ago | Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary we… | |||
| CVE-2014-7837 | medium | — | 5.5 | 12y ago | Moodle allows attackers to remove wiki pages | |||
| CVE-2014-9023 | medium | — | 5.5 | 12y ago | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tok… | |||
| CVE-2014-8559 | medium | 5.5 | 5.5 | 12y ago | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and syst… | |||
| CVE-2014-3690 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allow… | |||
| CVE-2014-3647 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a c… | |||
| CVE-2014-3646 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest O… | |||
| CVE-2014-3610 | medium | 5.5 | 5.5 | 12y ago | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows g… | |||
| CVE-2014-6032 | medium | — | 5.5 | 12y ago | Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.… | |||
| CVE-2014-6554 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknow… | |||
| CVE-2014-6489 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. | |||
| CVE-2014-7975 | medium | 5.5 | 5.5 | 12y ago | The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which all… | |||
| CVE-2014-7970 | medium | 5.5 | 5.5 | 12y ago | The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of… | |||
| CVE-2014-3399 | medium | — | 5.5 | 12y ago | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows… | |||
| CVE-2014-3521 | medium | — | 5.5 | 12y ago | The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. | |||
| CVE-2014-4373 | medium | 5.5 | 5.5 | 12y ago | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart… | |||
| CVE-2014-4806 | medium | 5.5 | 5.5 | 12y ago | The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux place… | |||
| CVE-2014-3464 | medium | — | 5.5 | 12y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo… | |||
| CVE-2014-4260 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors … | |||
| CVE-2014-4229 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect … | |||
| CVE-2014-2496 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity v… | |||
| CVE-2014-2482 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity… | |||
| CVE-2014-2456 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiali… | |||
| CVE-2014-4976 | medium | — | 5.5 | 12y ago | Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||
| CVE-2014-3317 | medium | — | 5.5 | 12y ago | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete ar… | |||
| CVE-2014-3088 | medium | — | 5.5 | 12y ago | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to… | |||
| CVE-2014-1383 | medium | — | 5.5 | 12y ago | Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. | |||
| CVE-2014-0203 | medium | 5.5 | 5.5 | 12y ago | The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause… | |||
| CVE-2014-3292 | medium | — | 5.5 | 12y ago | The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL,… | |||
| CVE-2014-3968 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an e… | |||
| CVE-2014-3967 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of servic… | |||
| CVE-2014-3835 | medium | — | 5.5 | 12y ago | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vect… | |||
| CVE-2014-1685 | medium | — | 5.5 | 12y ago | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | |||
| CVE-2014-2986 | medium | — | 5.5 | 12y ago | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denia… | |||
| CVE-2014-2915 | medium | — | 5.5 | 12y ago | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vecto… | |||
| CVE-2014-0642 | medium | — | 5.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… | |||
| CVE-2014-0155 | medium | — | 5.5 | 12y ago | The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial… | |||
| CVE-2014-0077 | medium | — | 5.5 | 12y ago | drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memor… | |||
| CVE-2014-0055 | medium | — | 5.5 | 12y ago | The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_v… | |||
| CVE-2014-1496 | medium | 5.5 | 5.5 | 12y ago | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during… | |||
| CVE-2014-0833 | medium | — | 5.5 | 13y ago | The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intende… | |||
| CVE-2014-0678 | medium | — | 5.5 | 13y ago | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vect… | |||
| CVE-2014-0009 | medium | — | 5.5 | 13y ago | course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requiremen… | |||
| CVE-2014-0423 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and a… | |||
| CVE-2014-0367 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and… | |||
| CVE-2014-3531 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) descriptio… | |||
| CVE-2014-0208 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key… | |||
| CVE-2014-8957 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | |||
| CVE-2014-6191 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X… | |||
| CVE-2014-3887 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors… | |||
| CVE-2014-8707 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | |||
| CVE-2014-9194 | medium | — | 5.4 | 12y ago | Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. | |||
| CVE-2014-9271 | medium | 5.4 | 5.4 | 12y ago | Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extensi… | |||
| CVE-2014-9416 | medium | — | 5.4 | 12y ago | Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71en… | |||
| CVE-2014-7994 | medium | — | 5.4 | 12y ago | Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and … | |||
| CVE-2014-8680 | medium | — | 5.4 | 12y ago | The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP database… | |||
| CVE-2014-8594 | medium | — | 5.4 | 12y ago | The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointe… | |||
| CVE-2014-4452 | medium | — | 5.4 | 12y ago | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |||
| CVE-2014-8538 | medium | — | 5.4 | 12y ago | The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7804 | medium | — | 5.4 | 12y ago | The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2014-7803 | medium | — | 5.4 | 12y ago | The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2014-7802 | medium | — | 5.4 | 12y ago | The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-… | |||
| CVE-2014-7800 | medium | — | 5.4 | 12y ago | The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… | |||
| CVE-2014-7799 | medium | — | 5.4 | 12y ago | The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2014-7798 | medium | — | 5.4 | 12y ago | The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2014-7797 | medium | — | 5.4 | 12y ago | The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive … | |||
| CVE-2014-7796 | medium | — | 5.4 | 12y ago | The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and … | |||
| CVE-2014-7795 | medium | — | 5.4 | 12y ago | The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob… | |||
| CVE-2014-7794 | medium | — | 5.4 | 12y ago | The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t… | |||
| CVE-2014-7793 | medium | — | 5.4 | 12y ago | The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o… | |||
| CVE-2014-7791 | medium | — | 5.4 | 12y ago | The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7789 | medium | — | 5.4 | 12y ago | The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7788 | medium | — | 5.4 | 12y ago | The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7787 | medium | — | 5.4 | 12y ago | The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens… | |||
| CVE-2014-7786 | medium | — | 5.4 | 12y ago | The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2014-7785 | medium | — | 5.4 | 12y ago | The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s… | |||
| CVE-2014-7784 | medium | — | 5.4 | 12y ago | The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7783 | medium | — | 5.4 | 12y ago | The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2014-7782 | medium | — | 5.4 | 12y ago | The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers… |