Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-0560

    The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial... Read more

    Affected Products : wireshark opensuse
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0559

    Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, relate... Read more

    Affected Products : wireshark opensuse
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9191

    The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 m... Read more

    Affected Products : hart_device_type_manager
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9190

    Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.... Read more

    • Published: Jan. 10, 2015
    • Modified: Jul. 24, 2025

  • 5.0

    MEDIUM
    CVE-2014-8036

    The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8035

    The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8020

    Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-6212

    The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, ... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6199

    The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-6158

    Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execu... Read more

    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3096

    Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : curam_social_program_management
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9585

    The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end o... Read more

    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9584

    The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memo... Read more

    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-9529

    Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trig... Read more

    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0922

    McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0921

    XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpda... Read more

    Affected Products : epolicy_orchestrator
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9510

    Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router... Read more

    Affected Products : tl-wr840n_firmware tl-wr840n
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9505

    Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : school_administration
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9501

    Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.... Read more

    Affected Products : poll_chart_block
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9500

    Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.... Read more

    Affected Products : moip
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results