Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2015-6850

    EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.

    Affected Products: vplex_geosynchrony
    • EPSS Score: 0.05%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2015-8660

    The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a cr...

    Affected Products: linux_kernel
    • EPSS Score: 65.43%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 2.3

    LOW
    CVE-2015-8569

    The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mecha...

    Affected Products: linux_kernel
    • EPSS Score: 0.02%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2015-8543

    The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dere...

    Affected Products: linux_kernel
    • EPSS Score: 1.92%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-8374

    fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.

    Affected Products: linux_kernel
    • EPSS Score: 0.04%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2015-7990

    Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that w...

    Affected Products: linux_kernel
    • EPSS Score: 0.04%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 2.3

    LOW
    CVE-2015-7885

    The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

    Affected Products: linux_kernel
    • EPSS Score: 0.08%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 2.3

    LOW
    CVE-2015-7884

    The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application...

    Affected Products: linux_kernel
    • EPSS Score: 0.02%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 4.9

    MEDIUM
    CVE-2015-7509

    fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

    Affected Products: linux_kernel
    • EPSS Score: 0.07%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2013-7446

    Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

    Affected Products: linux_kernel
    • EPSS Score: 0.01%
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-7783

    Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products: pbbs
    • EPSS Score: 0.32%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2015-7665

    Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, ...

    Affected Products: tails
    • EPSS Score: 0.48%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-6538

    The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.

    Affected Products: cardio_server
    • EPSS Score: 0.77%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-6537

    SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.

    Affected Products: cardio_server
    • EPSS Score: 1.05%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2015-8263

    NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.

    Affected Products: wnr1000v3_firmware wnr1000v3
    • EPSS Score: 0.28%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8262

    Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

    • EPSS Score: 0.28%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2015-8254

    The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data...

    Affected Products: frontel_protocol
    • EPSS Score: 0.11%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-8253

    The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.

    Affected Products: frontel_protocol
    • EPSS Score: 0.31%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2015-8252

    The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.

    Affected Products: frontel_protocol
    • EPSS Score: 0.75%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
  • 6.9

    MEDIUM
    CVE-2015-6005

    Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names fiel...

    Affected Products: whatsup_gold whatsup_gold
    • EPSS Score: 0.20%
    • Published: Dec. 27, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291750 Results