Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-10048

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, ... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10047

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur.... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10046

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttl... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10045

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/S... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10044

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and ... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10043

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is s... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10039

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting ... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2014-0950

    Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.... Read more

    Affected Products : rational_clearquest
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-0931

    Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in ... Read more

    Affected Products : rational_clearcase
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-0927

    The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.... Read more

    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-0912

    IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072.... Read more

    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-0900

    The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.... Read more

    Affected Products : android
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-0883

    IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : power_hardware_management_console
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-0882

    Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC).... Read more

    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2014-0881

    The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Forc... Read more

    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2014-0872

    The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-0841

    IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.... Read more

    Affected Products : rational_focal_point
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-0594

    In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.... Read more

    Affected Products : open_build_service
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-0593

    The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the ... Read more

    Affected Products : open_build_service
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-0486

    Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.... Read more

    Affected Products : knot_cms
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292822 Results