Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3398 | 1 Cisco | 1 Adaptive Security Appliance Software | 2014-10-06 | 5.0 MEDIUM | N/A |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. | |||||
| CVE-2014-3400 | 1 Cisco | 1 Webex Meetings Server | 2014-10-06 | 4.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||||
| CVE-2014-6299 | 1 Mm Forum Project | 1 Mm Forum | 2014-10-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | |||||
| CVE-2014-6294 | 1 External Links Click Statistics Project | 1 External Links Click Statistics | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-6296 | 1 Wec Map Project | 1 Wec Map | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2014-10-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | |||||
| CVE-2014-6289 | 2 Daniel Lienert, Michael Knoll | 2 Yet Another Gallery, Tools For Extbase Developmen | 2014-10-06 | 7.5 HIGH | N/A |
| The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. | |||||
| CVE-2014-6297 | 1 Mm Forum Project | 1 Mm Forum | 2014-10-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6298 | 1 Mm Forum Project | 1 Mm Forum | 2014-10-06 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
| CVE-2014-6290 | 1 News Project | 1 News | 2014-10-06 | 7.5 HIGH | N/A |
| The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |||||
| CVE-2014-6705 | 1 Maher Zain Project | 1 Maher Zain | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6704 | 1 Sportinginnovations | 1 Utah Jazz | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6708 | 1 Sportinginnovations | 1 Utah Jazz | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Sporting Club Uphoria (aka com.sportinginnovations.skc) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6703 | 1 Phonearabs4 Project | 1 Phonearabs4 | 2014-10-04 | 5.4 MEDIUM | N/A |
| The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6702 | 1 Starsat | 1 Starsat International | 2014-10-04 | 5.4 MEDIUM | N/A |
| The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application 1.41.54.9222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6701 | 1 Vendormate | 1 Vendormate Mobile | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6700 | 1 Nba | 1 Nba Game Time 2013-2014 | 2014-10-04 | 5.4 MEDIUM | N/A |
| The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application 4.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6699 | 1 Weather | 1 Weather Channel | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6698 | 1 Igg | 1 Galaxy Online 2 | 2014-10-04 | 5.4 MEDIUM | N/A |
| The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||