Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2014-8181

    The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.... Read more

    Affected Products : enterprise_linux enterprise_mrg
    • EPSS Score: %0.23
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-8179

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-dig... Read more

    Affected Products : docker opensuse cs_engine
    • EPSS Score: %0.67
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-8178

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.... Read more

    Affected Products : docker opensuse cs_engine
    • EPSS Score: %0.14
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-8171

    The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.... Read more

    • EPSS Score: %0.05
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-8167

    vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack... Read more

    • EPSS Score: %0.17
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-8166

    The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.... Read more

    Affected Products : cups
    • EPSS Score: %0.99
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-8164

    A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.14
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8161

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.... Read more

    Affected Products : debian_linux postgresql
    • EPSS Score: %0.58
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8141

    Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.... Read more

    • EPSS Score: %9.81
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8140

    Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.... Read more

    • EPSS Score: %9.81
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-8139

    Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.... Read more

    • EPSS Score: %9.81
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-8130

    The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanli... Read more

    • EPSS Score: %2.08
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-8129

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_... Read more

    • EPSS Score: %0.82
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-8128

    LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.... Read more

    Affected Products : mac_os_x libtiff iphone_os
    • EPSS Score: %0.70
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-8126

    The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.... Read more

    Affected Products : htcondor
    • EPSS Score: %1.45
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-8089

    SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.... Read more

    Affected Products : enterprise_linux fedora zend_framework
    • EPSS Score: %1.12
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7952

    The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2014-7951

    Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar ... Read more

    Affected Products : android
    • EPSS Score: %1.96
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-7914

    btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-7863

    The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and re... Read more

    • EPSS Score: %88.87
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292628 Results