Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-6642

    The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSy... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2015-6641

    Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6640

    The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service ... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6639

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6638

    The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6637

    The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6636

    mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5310

    The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or ca... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6861

    HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.... Read more

    Affected Products : eucalyptus
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2015-6860

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.... Read more

    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6859

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.... Read more

    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6858

    HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : insight_control insight_management
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-5447

    Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : storeonce_backup_system_software
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5446

    HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : storeonce_backup_system_software
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-5445

    Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : storeonce_backup_system_software
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5434

    HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."... Read more

    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6432

    Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device r... Read more

    Affected Products : ios_xr
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2014-5040

    HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing... Read more

    Affected Products : eucalyptus
    • Published: Jan. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8742

    The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application ... Read more

    Affected Products : wireshark
    • Published: Jan. 04, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8741

    The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted ... Read more

    Affected Products : wireshark
    • Published: Jan. 04, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292814 Results