Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2014-8643

    Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.... Read more

    Affected Products : firefox opensuse windows
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8642

    Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network dur... Read more

    Affected Products : firefox opensuse seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8641

    Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.... Read more

    Affected Products : firefox firefox_esr seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8640

    The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial... Read more

    Affected Products : firefox opensuse seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8639

    Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remot... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8638

    The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control che... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8637

    Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP d... Read more

    Affected Products : firefox seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8636

    The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges vi... Read more

    Affected Products : firefox seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8635

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow... Read more

    Affected Products : firefox seamonkey
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8634

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and applicat... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-5233

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-5232

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5231

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0309

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SD... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0308

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR ... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2015-0307

    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0306

    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0305

    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0304

    Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SD... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0303

    Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293588 Results