Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2014-8553

    The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_iss... Read more

    Affected Products : mantisbt
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8117

    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.... Read more

    Affected Products : ubuntu_linux freebsd file mageia
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8116

    The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.... Read more

    Affected Products : ubuntu_linux freebsd file mageia
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 1.9

    LOW
    CVE-2014-7170

    Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.... Read more

    Affected Products : puppet_server
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2013-7402

    Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.... Read more

    Affected Products : c-icap
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-9253

    The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/... Read more

    Affected Products : dokuwiki mageia
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2014-5438

    Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_com... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-5437

    Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote manag... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-7880

    Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : tcp_ip_services_openvms
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-7285

    The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.... Read more

    Affected Products : web_gateway
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2014-9322

    arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a G... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-8133

    arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanis... Read more

    Affected Products : linux_kernel
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2014-4626

    EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user ... Read more

    Affected Products : documentum_content_server
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-8006

    The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2014-6182

    Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.... Read more

    Affected Products : business_process_manager
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-4844

    The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process app... Read more

    Affected Products : business_process_manager
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-8248

    SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-8247

    Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-8246

    Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2014-6176

    IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and uncondi... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293947 Results