Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-5439

    Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms,... Read more

    Affected Products : debian_linux sniffit
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5436

    A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends ... Read more

    Affected Products : experion_process_knowledge_system
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5435

    An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongl... Read more

    Affected Products : experion_process_knowledge_system
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5434

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM u... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5433

    An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, whic... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5432

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to th... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2014-5431

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of ... Read more

    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5401

    Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the Me... Read more

    Affected Products : mednet
    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-5394

    Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.... Read more

    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5381

    Grand MA 300 allows a brute-force attack on the PIN.... Read more

    Affected Products : grand_ma300_firmware grand_ma300
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5380

    Grand MA 300 allows retrieval of the access PIN from sniffed data.... Read more

    Affected Products : grand_ma300_firmware grand_ma300
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5334

    FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.... Read more

    Affected Products : freenas
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-5329

    GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HT... Read more

    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5289

    Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.... Read more

    Affected Products : senkas_kolibri
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5288

    A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.... Read more

    Affected Products : load_master
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-5287

    A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).... Read more

    Affected Products : loadmaster
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-5282

    Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.... Read more

    Affected Products : docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-5280

    boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.... Read more

    Affected Products : boot2docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-5279

    The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.... Read more

    Affected Products : boot2docker
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-5278

    A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.... Read more

    Affected Products : docker
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292851 Results