Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-8677

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8676

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8336

    Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5247

    The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.... Read more

    Affected Products : ubuntu_linux libvirt
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2011-4600

    The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via... Read more

    Affected Products : ubuntu_linux libvirt
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4018

    The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vector... Read more

    Affected Products : hana
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4017

    The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.... Read more

    Affected Products : hana
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4016

    Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admi... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4015

    The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.... Read more

    Affected Products : netweaver
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-4014

    XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.... Read more

    Affected Products : netweaver
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-3079

    Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin... Read more

    Affected Products : satellite spacewalk-java
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2103

    Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving sys... Read more

    Affected Products : satellite satellite
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8560

    Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vuln... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8554

    Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable phys... Read more

    Affected Products : xen
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2015-8550

    Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8540

    Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact vi... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2015-7999

    Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : command_center
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2015-5343

    Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary... Read more

    Affected Products : debian_linux subversion
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-0284

    Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerab... Read more

    Affected Products : satellite spacewalk-java
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-1378

    Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.... Read more

    Affected Products : ios
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292907 Results