Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2014-3599

    HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy... Read more

    Affected Products : hornetq
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-3592

    OpenShift Origin: Improperly validated team names could allow stored XSS attacks... Read more

    Affected Products : openshift_origin
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2014-3591

    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuatio... Read more

    Affected Products : debian_linux libgcrypt gnupg
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-3590

    Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.... Read more

    Affected Products : satellite
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3585

    redhat-upgrade-tool: Does not check GPG signatures when upgrading versions... Read more

    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3539

    base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.... Read more

    Affected Products : python rope
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-3536

    CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration... Read more

    Affected Products : cloudforms_management_engine
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-3519

    The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mecha... Read more

    Affected Products : vzkernel
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-3495

    duplicity 0.6.24 has improper verification of SSL certificates... Read more

    Affected Products : debian_linux opensuse duplicity
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3484

    Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) caus... Read more

    Affected Products : musl
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-3471

    Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.... Read more

    Affected Products : qemu
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3449

    BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability... Read more

    Affected Products : bss_continuty_cms
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3448

    BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload... Read more

    Affected Products : bss_continuty_cms
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-3447

    BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability... Read more

    Affected Products : bss_continuty_cms
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3445

    backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.... Read more

    Affected Products : sos_webpages
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3413

    The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database acce... Read more

    Affected Products : junos_space junos_space
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3244

    XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.... Read more

    Affected Products : sugarcrm
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2014-3230

    The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.... Read more

    Affected Products : \
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-3219

    fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.... Read more

    Affected Products : fedora fish
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-3208

    A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),... Read more

    Affected Products : askpop3d
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results