Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-5381

    Grand MA 300 allows a brute-force attack on the PIN.... Read more

    Affected Products : grand_ma300_firmware grand_ma300
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5380

    Grand MA 300 allows retrieval of the access PIN from sniffed data.... Read more

    Affected Products : grand_ma300_firmware grand_ma300
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5334

    FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.... Read more

    Affected Products : freenas
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5329

    GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HT... Read more

    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5289

    Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.... Read more

    Affected Products : senkas_kolibri
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5288

    A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.... Read more

    Affected Products : load_master
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5287

    A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).... Read more

    Affected Products : loadmaster
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-5282

    Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.... Read more

    Affected Products : docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-5280

    boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.... Read more

    Affected Products : boot2docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-5279

    The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.... Read more

    Affected Products : boot2docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-5278

    A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.... Read more

    Affected Products : docker
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2014-5255

    xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.... Read more

    Affected Products : debian_linux xcfa
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2014-5254

    xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.... Read more

    Affected Products : xcfa
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5238

    XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5236

    Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) ima... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-5220

    The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.... Read more

    Affected Products : opensuse mdadm
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-5209

    An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.... Read more

    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5170

    The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.... Read more

    Affected Products : storage_api
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5140

    The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fi... Read more

    Affected Products : loaded7
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5138

    Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to th... Read more

    Affected Products : sierra
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results