Latest CVE Feed
-
7.8
HIGH CVE-2018-14342
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-14341
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-14340
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-14339
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2018-14338
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
- Affected Products: exiv2
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-14337
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-14336
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
- Affected Products: wr840n
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2018-14335
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
- Affected Products: h2
- Published: Jul. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-14334
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php fil...
- Affected Products: joyplus-cms
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2018-14333
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workst...
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-14332
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp.
- Affected Products: clementine
- Published: Jul. 19, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-14331
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
- Affected Products: xiaocms_x1
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
4.7
MEDIUM CVE-2018-14329
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
- Affected Products: htslib
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-14328
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as...
- Published: Jul. 23, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGH CVE-2018-14327
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" ...
- Published: Sep. 26, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-14326
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-14325
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-14324
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipu...
- Affected Products: glassfish_server
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2018-14320
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe...
- Affected Products: podofo
- Published: Sep. 17, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-14318
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The...
- Published: Sep. 24, 2018
- Modified: Nov. 21, 2024