Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2015-3246

    libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modif... Read more

    Affected Products : libuser
    • EPSS Score: %20.31
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3245

    Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline c... Read more

    Affected Products : libuser
    • EPSS Score: %15.42
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3228

    Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which tri... Read more

    Affected Products : ghostscript afpl_ghostscript
    • EPSS Score: %0.97
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-2323

    FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.... Read more

    Affected Products : fortios
    • EPSS Score: %0.29
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1818

    XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side requ... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.54
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-1805

    The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial o... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %8.09
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2980

    The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.... Read more

    Affected Products : yodobashi
    • EPSS Score: %0.60
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2897

    Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.... Read more

    • EPSS Score: %0.01
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5962

    Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corrupt... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.41
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-5961

    The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that ser... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.09
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-5960

    Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation.... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.06
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-4495

    The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code... Read more

    • Actively Exploited
    • EPSS Score: %69.92
    • Published: Aug. 08, 2015
    • Modified: Jul. 30, 2025

  • 4.3

    MEDIUM
    CVE-2015-4494

    Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app.... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.26
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2745

    Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishan... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.32
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2744

    Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view.... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.26
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-4674

    The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : timedoctor
    • EPSS Score: %0.32
    • Published: Aug. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-3636

    The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system ... Read more

    • EPSS Score: %2.26
    • Published: Aug. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2015-4167

    The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF ... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.05
    • Published: Aug. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3439

    Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript f... Read more

    Affected Products : debian_linux wordpress
    • EPSS Score: %1.36
    • Published: Aug. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3438

    Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches ... Read more

    Affected Products : debian_linux wordpress
    • EPSS Score: %0.86
    • Published: Aug. 05, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291312 Results