Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2015-1530

    media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size....

    Affected Products : android
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2015-1525

    audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address....

    Affected Products : android
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-1503

    Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot)...

    Affected Products : mail_server
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-1425

    JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...

    Affected Products : gecko_cms
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-1418

    The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands...

    Affected Products : freebsd
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-1416

    Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via...

    Affected Products : freebsd
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-1396

    A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196....

    Affected Products : debian_linux patch
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-1394

    Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard...

    Affected Products : photo_gallery
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-1391

    Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism....

    Affected Products : airwave
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-1390

    Aruba AirWave before 8.0.7 allows XSS attacks against an administrator....

    Affected Products : airwave
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2015-1343

    All versions of unity-scope-gdrive log search terms to syslog....

    Affected Products : ubuntu_linux
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-1341

    Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path....

    Affected Products : ubuntu_linux apport
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2015-1340

    LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's...

    Affected Products : lxd
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2015-1327

    Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the D...

    Affected Products : ubuntu_linux
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-1326

    python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file....

    Affected Products : python-dbusmock
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-1320

    The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2....

    Affected Products : metal_as_a_service
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-1316

    Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key....

    Affected Products : juju
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-1313

    JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauth...

    Affected Products : teamcity
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-1290

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site....

    Affected Products : leap chrome qt
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2015-1208

    Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file....

    Affected Products : ffmpeg
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024