Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2015-3159

    The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges....

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: 0.16%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-3154

    CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the...

    Affected Products : zend_framework
    • EPSS Score: 0.27%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-3151

    Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteEle...

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: 0.07%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-3150

    abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method....

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: 0.05%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-3147

    daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/a...

    • EPSS Score: 0.54%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-3140

    Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567...

    Affected Products : synaman syncrify syntail
    • EPSS Score: 0.17%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2015-3006

    On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases af...

    Affected Products : junos qfx3500 qfx3600 junos
    • EPSS Score: 0.12%
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-2992

    Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability....

    Affected Products : struts
    • EPSS Score: 1.05%
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2015-2981

    The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : yodobashi
    • EPSS Score: 0.50%
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2015-2968

    LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-mid...

    Affected Products : line\@
    • EPSS Score: 0.12%
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-2929

    The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor....

    Affected Products : tor
    • EPSS Score: 0.47%
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-2928

    The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors....

    Affected Products : tor
    • EPSS Score: 0.72%
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-2923

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message....

    Affected Products : freebsd
    • EPSS Score: 1.38%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-2909

    Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in wh...

    • EPSS Score: 3.57%
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-2802

    An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user...

    • EPSS Score: 2.15%
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-2796

    Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php....

    Affected Products : projectpier
    • EPSS Score: 0.24%
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-2793

    Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi....

    Affected Products : fedora ikiwiki
    • EPSS Score: 1.29%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-2784

    The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input....

    Affected Products : papercrop
    • EPSS Score: 0.42%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-2689

    Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets....

    Affected Products : tor
    • EPSS Score: 0.65%
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-2688

    buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted pac...

    Affected Products : tor
    • EPSS Score: 0.57%
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024