Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2013-4529

    Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4527

    Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4526

    Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4151

    The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4150

    The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, ... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4149

    Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4148

    Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.... Read more

    Affected Products : qemu
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8474

    CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity decla... Read more

    Affected Products : cloud_service_management
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8473

    Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : cloud_service_management
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-8472

    CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.... Read more

    Affected Products : cloud_service_management
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8471

    CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors.... Read more

    Affected Products : cloud_service_management
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2014-7875

    Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.... Read more

    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-6130

    The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the use... Read more

    Affected Products : notes_traveler
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8593

    Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.... Read more

    Affected Products : allomani_weblinks
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4974

    The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory v... Read more

    Affected Products : personal_firewall_ndis_filter
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3660

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a la... Read more

    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8592

    Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.... Read more

    Affected Products : netweaver
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8591

    Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.... Read more

    Affected Products : netweaver
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8590

    XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.... Read more

    Affected Products : netweaver_java_application_server
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8589

    Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.... Read more

    Affected Products : network_interface_router
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293695 Results