Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-6434

    Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.24
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-6433

    SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.16
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6647

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6646

    The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, ak... Read more

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-6645

    SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6644

    Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-6643

    Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-6642

    The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSy... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2015-6641

    Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6640

    The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service ... Read more

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6639

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.... Read more

    Affected Products : android
    • EPSS Score: %7.80
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6638

    The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6637

    The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6636

    mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5310

    The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or ca... Read more

    Affected Products : android
    • EPSS Score: %0.30
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6861

    HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.39
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2015-6860

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6859

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.... Read more

    • EPSS Score: %0.10
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6858

    HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : insight_control insight_management
    • EPSS Score: %0.41
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-5447

    Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : storeonce_backup_system_software
    • EPSS Score: %0.23
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291601 Results