Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-5240

    Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to star... Read more

    Affected Products : neutron smart_vms
    • EPSS Score: %0.09
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5220

    The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.... Read more

    • EPSS Score: %1.52
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5188

    Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication ... Read more

    • EPSS Score: %0.33
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5178

    The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a c... Read more

    • EPSS Score: %0.50
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3996

    The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Co... Read more

    Affected Products : afnetworking
    • EPSS Score: %0.16
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-6340

    The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCu... Read more

    • EPSS Score: %0.46
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2015-5665

    Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.... Read more

    Affected Products : ec-cube ec-cube
    • EPSS Score: %0.15
    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-4625

    Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.... Read more

    Affected Products : fedora opensuse polkit
    • EPSS Score: %0.10
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3256

    PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."... Read more

    Affected Products : opensuse polkit
    • EPSS Score: %0.08
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3255

    The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.... Read more

    Affected Products : polkit polkit
    • EPSS Score: %0.11
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3218

    The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthen... Read more

    Affected Products : polkit polkit
    • EPSS Score: %0.13
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7674

    Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers ... Read more

    Affected Products : ubuntu_linux gdk-pixbuf opensuse
    • EPSS Score: %0.92
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-7673

    io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision T... Read more

    Affected Products : gdk-pixbuf opensuse
    • EPSS Score: %1.25
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5286

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a t... Read more

    • EPSS Score: %0.44
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5251

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.... Read more

    • EPSS Score: %0.17
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5223

    OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.... Read more

    Affected Products : swift
    • EPSS Score: %1.15
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3280

    OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while ... Read more

    Affected Products : nova
    • EPSS Score: %1.72
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-8242

    librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.... Read more

    Affected Products : librsync
    • EPSS Score: %2.28
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2015-7699

    The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objects... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %1.33
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7881

    The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a co... Read more

    Affected Products : colorbox
    • EPSS Score: %0.13
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291867 Results