Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-9008

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8980

    The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : enterprise_linux fedora leap php-gettext
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-8851

    node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.... Read more

    Affected Products : node-uuid
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-8751

    Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.... Read more

    Affected Products : jasper
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2015-8549

    XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.... Read more

    Affected Products : pyamf
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-8546

    An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is expl... Read more

    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-8536

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.... Read more

    Affected Products : solution_center
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-8535

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user ... Read more

    Affected Products : solution_center
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2015-8534

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow ... Read more

    Affected Products : solution_center
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-8371

    Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key i... Read more

    Affected Products : composer
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8367

    The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.... Read more

    Affected Products : libraw
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8366

    Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.... Read more

    Affected Products : libraw
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2015-8313

    GnuTLS incorrectly validates the first byte of padding in CBC modes... Read more

    Affected Products : debian_linux gnutls
    • Published: Dec. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8298

    Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or t... Read more

    Affected Products : rxadmin
    • Published: Sep. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-8094

    Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.... Read more

    Affected Products : hue
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-8033

    In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.... Read more

    Affected Products : textpattern
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2015-8032

    In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.... Read more

    Affected Products : textpattern
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8031

    Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.... Read more

    Affected Products : hudson
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-8012

    lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.... Read more

    Affected Products : lldpd
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8011

    Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV b... Read more

    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results