Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-7674

    Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers ... Read more

    Affected Products : ubuntu_linux gdk-pixbuf opensuse
    • EPSS Score: %0.92
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7673

    io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision T... Read more

    Affected Products : gdk-pixbuf opensuse
    • EPSS Score: %1.25
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5286

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a t... Read more

    • EPSS Score: %0.44
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5251

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.... Read more

    • EPSS Score: %0.17
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5223

    OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.... Read more

    Affected Products : swift
    • EPSS Score: %1.15
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3280

    OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while ... Read more

    Affected Products : nova
    • EPSS Score: %1.72
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-8242

    librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.... Read more

    Affected Products : librsync
    • EPSS Score: %2.28
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-7699

    The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objects... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %1.33
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7881

    The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a co... Read more

    Affected Products : colorbox
    • EPSS Score: %0.13
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2015-7298

    ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks b... Read more

    Affected Products : qt owncloud_desktop_client
    • EPSS Score: %0.25
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6670

    ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6500

    Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.90
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-5289

    Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) js... Read more

    Affected Products : ubuntu_linux debian_linux postgresql
    • EPSS Score: %7.45
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-5288

    The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "t... Read more

    Affected Products : postgresql
    • EPSS Score: %5.22
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-4456

    ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by levera... Read more

    Affected Products : owncloud_desktop_client
    • EPSS Score: %0.16
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-5448

    HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : asset_manager
    • EPSS Score: %0.06
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-5014

    IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.... Read more

    Affected Products : cognos_disclosure_management
    • EPSS Score: %0.47
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2015-5011

    IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, ... Read more

    • EPSS Score: %0.12
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4981

    IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.... Read more

    • EPSS Score: %0.06
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-4974

    IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.... Read more

    • EPSS Score: %0.10
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291756 Results