Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-5409

    Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.... Read more

    • EPSS Score: %0.38
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-6261

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP sessi... Read more

    • EPSS Score: %0.15
    • Published: Aug. 26, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5949

    VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.... Read more

    Affected Products : vlc_media_player
    • EPSS Score: %6.96
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5161

    The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML extern... Read more

    Affected Products : zend_framework
    • EPSS Score: %46.76
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4020

    RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a ... Read more

    Affected Products : solaris rubygems bundler
    • EPSS Score: %0.52
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2012-2150

    xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.... Read more

    Affected Products : xfsprogs
    • EPSS Score: %1.76
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-6262

    Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.11
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5786

    Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.... Read more

    Affected Products : quicktime
    • EPSS Score: %1.48
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5785

    Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.... Read more

    Affected Products : quicktime
    • EPSS Score: %1.48
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3269

    Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read ... Read more

    • EPSS Score: %13.33
    • Published: Aug. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6249

    The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cau... Read more

    Affected Products : wireshark solaris
    • EPSS Score: %0.57
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6248

    The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) vi... Read more

    Affected Products : wireshark linux solaris
    • EPSS Score: %0.68
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6247

    The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite lo... Read more

    Affected Products : wireshark solaris
    • EPSS Score: %0.57
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6246

    The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted pa... Read more

    Affected Products : wireshark linux solaris
    • EPSS Score: %0.66
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6245

    epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.... Read more

    Affected Products : wireshark linux solaris
    • EPSS Score: %0.38
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6244

    The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (a... Read more

    Affected Products : wireshark linux solaris
    • EPSS Score: %0.80
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6243

    The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) diss... Read more

    Affected Products : wireshark linux solaris
    • EPSS Score: %0.66
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6242

    The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory... Read more

    Affected Products : wireshark solaris
    • EPSS Score: %0.57
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6241

    The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to ... Read more

    Affected Products : wireshark solaris
    • EPSS Score: %0.57
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5424

    Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.... Read more

    Affected Products : keyview
    • EPSS Score: %7.93
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291401 Results