Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2015-8560

    Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vuln...

    • EPSS Score: 8.56%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8554

    Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable phys...

    Affected Products : xen
    • EPSS Score: 0.06%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 8.2

    HIGH
    CVE-2015-8550

    Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability....

    • EPSS Score: 15.96%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8540

    Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact vi...

    • EPSS Score: 13.61%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2015-7999

    Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors....

    Affected Products : command_center
    • EPSS Score: 0.47%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 8.0

    HIGH
    CVE-2015-5343

    Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary...

    Affected Products : debian_linux subversion
    • EPSS Score: 24.98%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2015-0284

    Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerab...

    Affected Products : satellite spacewalk-java
    • EPSS Score: 0.41%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1378

    Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591....

    Affected Products : ios
    • EPSS Score: 0.23%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-1352

    Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856....

    • EPSS Score: 0.39%
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-2313

    auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database....

    Affected Products : leap opensuse cacti
    • EPSS Score: 1.08%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-0787

    The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes conf...

    Affected Products : fedora debian_linux opensuse libssh2
    • EPSS Score: 2.30%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-0757

    OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an imag...

    • EPSS Score: 0.23%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-0739

    libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessi...

    • EPSS Score: 3.64%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8806

    dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document....

    • EPSS Score: 8.56%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-8784

    The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif....

    Affected Products : debian_linux libtiff
    • EPSS Score: 1.52%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-8683

    The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image....

    Affected Products : debian_linux libtiff
    • EPSS Score: 0.21%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-8665

    tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image....

    Affected Products : libtiff
    • EPSS Score: 0.21%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-3146

    The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH pa...

    Affected Products : ubuntu_linux fedora debian_linux libssh
    • EPSS Score: 2.39%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-1547

    The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif....

    Affected Products : debian_linux libtiff
    • EPSS Score: 4.42%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2014-9655

    The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.t...

    Affected Products : debian_linux libtiff
    • EPSS Score: 1.10%
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292735 Results