Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2016-0756

    The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is... Read more

    Affected Products : prosody
    • EPSS Score: %0.68
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2016-0755

    The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.... Read more

    Affected Products : ubuntu_linux debian_linux curl
    • EPSS Score: %0.86
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0754

    cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.... Read more

    Affected Products : curl windows
    • EPSS Score: %0.35
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0738

    OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrup... Read more

    Affected Products : swift
    • EPSS Score: %5.80
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0737

    OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.... Read more

    Affected Products : swift
    • EPSS Score: %5.80
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8773

    Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.... Read more

    Affected Products : file_lock
    • EPSS Score: %0.29
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2015-8772

    McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ... Read more

    Affected Products : file_lock
    • EPSS Score: %0.49
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2015-7521

    The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level opera... Read more

    Affected Products : hive
    • EPSS Score: %0.40
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1882

    FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.47
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1879

    The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer derefere... Read more

    Affected Products : freebsd
    • EPSS Score: %19.79
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8794

    Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo han... Read more

    Affected Products : roundcube_webmail
    • EPSS Score: %0.29
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-8793

    Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different v... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %0.28
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8792

    The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.... Read more

    Affected Products : leap opensuse libmatroska
    • EPSS Score: %0.31
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8791

    The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.... Read more

    Affected Products : libebml
    • EPSS Score: %0.34
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8790

    The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.... Read more

    Affected Products : libebml
    • EPSS Score: %0.54
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2015-8789

    Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML d... Read more

    Affected Products : libebml
    • EPSS Score: %0.38
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8770

    Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute ar... Read more

    Affected Products : roundcube_webmail
    • EPSS Score: %23.36
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7464

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builde... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.87
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0868

    Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.... Read more

    • EPSS Score: %0.21
    • Published: Jan. 28, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1300

    Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.... Read more

    Affected Products : unity_connection
    • EPSS Score: %0.25
    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291625 Results