Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-3973

    Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.94
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3972

    The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.62
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3971

    The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.31
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3970

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %1.12
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3969

    Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.58
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-3968

    The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.34
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3967

    Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users.... Read more

    Affected Products : umg_508 umg_509 umg_511 umg_604 umg_605
    • EPSS Score: %0.08
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7986

    The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.... Read more

    Affected Products : hana
    • EPSS Score: %25.85
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5262

    http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via ... Read more

    Affected Products : ubuntu_linux fedora httpclient
    • EPSS Score: %0.95
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5240

    Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to star... Read more

    Affected Products : neutron smart_vms
    • EPSS Score: %0.09
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5220

    The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.... Read more

    • EPSS Score: %1.52
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5188

    Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication ... Read more

    • EPSS Score: %0.33
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5178

    The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a c... Read more

    • EPSS Score: %0.50
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3996

    The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Co... Read more

    Affected Products : afnetworking
    • EPSS Score: %0.16
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6340

    The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCu... Read more

    • EPSS Score: %0.46
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2015-5665

    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.... Read more

    Affected Products : ec-cube ec-cube
    • EPSS Score: %0.15
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-4625

    Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.... Read more

    Affected Products : fedora opensuse polkit
    • EPSS Score: %0.10
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3256

    PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."... Read more

    Affected Products : opensuse polkit
    • EPSS Score: %0.08
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3255

    The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.... Read more

    Affected Products : polkit polkit
    • EPSS Score: %0.11
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3218

    The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthen... Read more

    Affected Products : polkit polkit
    • EPSS Score: %0.13
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291756 Results