Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2015-1334

    attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.... Read more

    Affected Products : lxc
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-1331

    lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.... Read more

    Affected Products : lxc
    • EPSS Score: %0.05
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0851

    XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.... Read more

    Affected Products : xmltooling
    • EPSS Score: %0.62
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-7443

    Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.... Read more

    Affected Products : ubuntu_linux sqlite
    • EPSS Score: %1.45
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5965

    The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.... Read more

    Affected Products : fortios
    • EPSS Score: %0.35
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5523

    The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.... Read more

    • EPSS Score: %4.27
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-5522

    Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.... Read more

    • EPSS Score: %4.19
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5369

    Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enable... Read more

    • EPSS Score: %0.38
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-5176

    The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF res... Read more

    Affected Products : jboss_portal
    • EPSS Score: %0.24
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-4634

    SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.... Read more

    Affected Products : cacti
    • EPSS Score: %0.41
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3626

    Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.... Read more

    Affected Products : fortios
    • EPSS Score: %0.28
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3267

    Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : jboss_operations_network
    • EPSS Score: %0.30
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3246

    libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modif... Read more

    Affected Products : libuser
    • EPSS Score: %20.31
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3245

    Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline c... Read more

    Affected Products : libuser
    • EPSS Score: %15.42
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3228

    Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which tri... Read more

    Affected Products : ghostscript afpl_ghostscript
    • EPSS Score: %0.97
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-2323

    FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.... Read more

    Affected Products : fortios
    • EPSS Score: %0.29
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1818

    XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side requ... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.54
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-1805

    The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial o... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %8.09
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2980

    The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.... Read more

    Affected Products : yodobashi
    • EPSS Score: %0.60
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2897

    Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.... Read more

    • EPSS Score: %0.01
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291384 Results