Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-8129

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_... Read more

    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-8128

    LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.... Read more

    Affected Products : mac_os_x libtiff iphone_os
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-8126

    The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.... Read more

    Affected Products : htcondor
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-8089

    SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.... Read more

    Affected Products : enterprise_linux fedora zend_framework
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7952

    The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.... Read more

    Affected Products : android
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2014-7951

    Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar ... Read more

    Affected Products : android
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2014-7914

    btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted... Read more

    Affected Products : android
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-7863

    The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and re... Read more

    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-7862

    The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.... Read more

    Affected Products : desktop_central
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7844

    BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.... Read more

    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7303

    SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.... Read more

    Affected Products : sgi_tempo
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7302

    SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.... Read more

    Affected Products : sgi_tempo
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2014-7301

    SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.... Read more

    Affected Products : sgi_tempo
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7272

    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the ... Read more

    Affected Products : fedora sddm
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2014-7271

    Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.... Read more

    Affected Products : fedora sddm
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-7257

    SQL injection vulnerability in DBD::PgPP 0.05 and earlier... Read more

    Affected Products : \
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-7238

    The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS... Read more

    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-7236

    Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.... Read more

    Affected Products : twiki
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2014-7224

    A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : android
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-7222

    Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two... Read more

    Affected Products : teamspeak3
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results