Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2014-8567

    The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.... Read more

    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7815

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.... Read more

    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-3689

    The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7991

    The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core dev... Read more

    Affected Products : unified_communications_manager
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7878

    The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execut... Read more

    Affected Products : helion_cloud_development_platform
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7246

    The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in... Read more

    Affected Products : openam
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-5424

    Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an ... Read more

    Affected Products : connected_components_workbench
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-8770

    Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that c... Read more

    Affected Products : magmi
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8564

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (E... Read more

    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8557

    Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variabl... Read more

    Affected Products : channel_platform
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8554

    SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists becaus... Read more

    Affected Products : mantisbt
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8476

    The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.... Read more

    Affected Products : freebsd
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-8359

    Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.... Read more

    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-7823

    The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.... Read more

    Affected Products : libvirt
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3674

    Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.... Read more

    Affected Products : openshift openshift
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3602

    Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.... Read more

    Affected Products : openshift openshift
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8736

    The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.... Read more

    Affected Products : open_atrium
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2014-8735

    The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log... Read more

    Affected Products : bad_behavior
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8734

    The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.... Read more

    Affected Products : organic_groups_menu
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8555

    Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.... Read more

    Affected Products : openedge
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293656 Results