Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-6778

    The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : goat_forum
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6777

    The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : blueeleph
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6776

    The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert... Read more

    Affected Products : united_advantage_nw_federal_cr
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6775

    The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : light_for_pets
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6774

    The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : usek
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6773

    The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : cih_quiz_game
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6772

    The United Educational CU (aka com.metova.cuae.uecu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : united_educational_cu
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7187

    Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nes... Read more

    Affected Products : bash
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7186

    The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here document... Read more

    Affected Products : bash
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-3535

    include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2014-2639

    Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.... Read more

    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-0205

    The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-7145

    The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share d... Read more

    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2014-6418

    net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-6417

    net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2014-6416

    Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2014-6410

    The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF fil... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2014-3631

    The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-3186

    Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of serv... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2014-3185

    Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of... Read more

    Affected Products : linux_kernel
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294837 Results