Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2014-7839

    DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors....

    Affected Products: resteasy
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2014-1421

    mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors....

    Affected Products: ubuntu_linux
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2014-8349

    Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file....

    Affected Products: liferay_portal
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-6662

    Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly h...

    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2010-5312

    Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option....

    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2014-9030

    The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE....

    Affected Products: debian_linux xen opensuse
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-9016

    The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request....

    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2014-9015

    Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions....

    Affected Products: debian_linux drupal
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-8991

    pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user....

    Affected Products: solaris pip
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2014-8988

    MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict acce...

    Affected Products: mantisbt
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2014-8986

    Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted conf...

    Affected Products: mantisbt
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8627

    PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors....

    Affected Products: polarssl
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2014-8418

    The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain priv...

    Affected Products: asterisk certified_asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-8417

    ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dia...

    Affected Products: asterisk certified_asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8416

    Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Re...

    Affected Products: asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8415

    Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued actio...

    Affected Products: asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8414

    ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be ...

    Affected Products: asterisk certified_asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2014-8413

    The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules....

    Affected Products: asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2014-8412

    The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 bef...

    Affected Products: asterisk certified_asterisk
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2014-7821

    OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration....

    Affected Products: fedora openstack neutron
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293646 Results