Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2014-7807

    Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.... Read more

    Affected Products : cloudstack
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8488

    Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.... Read more

    Affected Products : fedora yourls
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8730

    The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 a... Read more

    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8496

    Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack.... Read more

    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9352

    Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_access
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-9351

    engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors.... Read more

    Affected Products : teeworlds
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-9319

    The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9318

    The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .c... Read more

    Affected Products : ffmpeg
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9317

    The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an ID... Read more

    Affected Products : ffmpeg
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9316

    The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vect... Read more

    Affected Products : ffmpeg
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9281

    Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field.... Read more

    Affected Products : mantisbt
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9275

    UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.... Read more

    Affected Products : unrtf
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9274

    UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".... Read more

    Affected Products : fedora debian_linux unrtf mageia
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2014-9066

    Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requ... Read more

    Affected Products : xen opensuse
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2014-9065

    common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a differen... Read more

    Affected Products : xen opensuse
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2014-8737

    Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or fu... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8504

    Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8503

    Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8502

    Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8501

    The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the A... Read more

    Affected Products : ubuntu_linux fedora binutils
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293654 Results