Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2014-5359

    Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-4936

    The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploadi... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2013-6435

    Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc... Read more

    Affected Products : debian_linux rpm
    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9386

    Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-9385

    Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9252

    Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9251

    Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9250

    Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9249

    The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9248

    Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-9247

    Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9245

    Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382.... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8967

    Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display propert... Read more

    Affected Products : internet_explorer
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-8610

    AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-mes... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-8609

    The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with a... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8507

    Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and con... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-7911

    luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to ... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-6261

    Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session,... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-6260

    Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-1541... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6259

    Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity referenc... Read more

    Affected Products : zenoss_core
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293632 Results