Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-5500

    The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.... Read more

    Affected Products : plone
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-8494

    ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : alupdate
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8350

    Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.... Read more

    Affected Products : smarty
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-8080

    The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.... Read more

    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-5507

    iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : ibackup
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5272

    libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn... Read more

    Affected Products : ffmpeg
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-5271

    Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (cras... Read more

    Affected Products : ffmpeg libav
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3712

    Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/contro... Read more

    Affected Products : subscription_asset_manager katello
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3654

    Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomS... Read more

    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2014-3683

    Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE... Read more

    Affected Products : rsyslog sysklogd
    • Published: Nov. 02, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-3634

    rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-... Read more

    Affected Products : rsyslog sysklogd
    • Published: Nov. 02, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-2015

    Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possib... Read more

    Affected Products : freeradius
    • Published: Nov. 02, 2014
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2014-8582

    FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2014-6032

    Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 1... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3615

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8244

    Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 b... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-8243

    Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 b... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8578

    Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a d... Read more

    Affected Products : horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3475

    Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user emai... Read more

    Affected Products : opensuse horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3474

    Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to in... Read more

    Affected Products : opensuse horizon horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294116 Results