Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-4334

    The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easi... Read more

    Affected Products : proxysgos proxysg_firmware
    • EPSS Score: %0.58
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-3628

    The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.... Read more

    • EPSS Score: %76.24
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3276

    The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impa... Read more

    • EPSS Score: %1.76
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-1344

    The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.... Read more

    Affected Products : ubuntu_linux lxcfs
    • EPSS Score: %0.04
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-1342

    LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.... Read more

    Affected Products : ubuntu_linux lxcfs
    • EPSS Score: %0.06
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5302

    libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) ... Read more

    Affected Products : libreport
    • EPSS Score: %0.61
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-5287

    The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump o... Read more

    • EPSS Score: %12.90
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-5273

    The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /va... Read more

    • EPSS Score: %0.33
    • Published: Dec. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3196

    ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race ... Read more

    • EPSS Score: %5.68
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-3195

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain ... Read more

    • EPSS Score: %2.22
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3194

    crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parame... Read more

    • EPSS Score: %64.37
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3193

    The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote... Read more

    Affected Products : ubuntu_linux openssl node.js
    • EPSS Score: %23.41
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1794

    The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.... Read more

    Affected Products : openssl
    • EPSS Score: %3.13
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8480

    The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-... Read more

    Affected Products : chrome
    • EPSS Score: %0.79
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8479

    Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecifi... Read more

    Affected Products : chrome
    • EPSS Score: %0.14
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8478

    Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome v8
    • EPSS Score: %0.11
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6787

    Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %48.36
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6786

    The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which all... Read more

    Affected Products : chrome
    • EPSS Score: %0.77
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6785

    The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote att... Read more

    Affected Products : chrome
    • EPSS Score: %0.77
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6784

    The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?... Read more

    Affected Products : chrome
    • EPSS Score: %0.73
    • Published: Dec. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291358 Results