Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2014-0841

    IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704....

    Affected Products: rational_focal_point
    • EPSS Score: 0.02%
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-0594

    In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent....

    Affected Products: open_build_service
    • EPSS Score: 0.14%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-0593

    The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the ...

    Affected Products: open_build_service
    • EPSS Score: 0.47%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-0486

    Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message....

    Affected Products: knot_cms
    • EPSS Score: 1.34%
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-0245

    It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for a...

    Affected Products: jboss_portal
    • EPSS Score: 0.41%
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2014-0243

    Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job....

    Affected Products: check_mk
    • EPSS Score: 0.05%
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-0242

    mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread....

    Affected Products: mod_wsgi
    • EPSS Score: 8.10%
    • Published: Dec. 09, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2014-0241

    rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable...

    Affected Products: satellite hammer_cli
    • EPSS Score: 0.10%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-0234

    The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Open...

    Affected Products: openshift
    • EPSS Score: 1.42%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2014-0212

    qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors...

    Affected Products: qpid-cpp
    • EPSS Score: 3.47%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-0197

    CFME: CSRF protection vulnerability via permissive check of the referrer header...

    • EPSS Score: 0.36%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2014-0183

    Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the systems name when registering....

    Affected Products: subscription_asset_manager
    • EPSS Score: 0.29%
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-0175

    mcollective has a default password set at install...

    • EPSS Score: 0.60%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2014-0169

    In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without p...

    • EPSS Score: 0.18%
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2014-0163

    Openshift has shell command injection flaws due to unsanitized data being passed into shell commands....

    Affected Products: openshift
    • EPSS Score: 1.79%
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2014-0161

    ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its X.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attac...

    Affected Products: ovirt-engine-sdk-python
    • EPSS Score: 0.10%
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2014-0158

    Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j...

    Affected Products: openjpeg opensuse
    • EPSS Score: 0.51%
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-0156

    Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute an arbitrary command....

    Affected Products: awesomespawn
    • EPSS Score: 2.74%
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2014-0148

    Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fie...

    • EPSS Score: 0.06%
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 6.2

    MEDIUM
    CVE-2014-0147

    Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly ca...

    • EPSS Score: 0.05%
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291806 Results