Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2015-5166

    Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.... Read more

    Affected Products : fedora xen
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-5165

    The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.... Read more

    • EPSS Score: %12.37
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-5154

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.... Read more

    • EPSS Score: %0.18
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3908

    Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ce... Read more

    Affected Products : ansible
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-3286

    Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.... Read more

    Affected Products : openafs
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3285

    The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.... Read more

    Affected Products : openafs
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3284

    pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.... Read more

    Affected Products : openafs
    • EPSS Score: %0.06
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-3283

    OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.... Read more

    Affected Products : openafs
    • EPSS Score: %0.77
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3282

    vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.... Read more

    Affected Products : openafs
    • EPSS Score: %0.47
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3213

    The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.... Read more

    Affected Products : clutter
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3187

    The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has... Read more

    Affected Products : xcode subversion
    • EPSS Score: %0.51
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3184

    mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.... Read more

    Affected Products : http_server xcode subversion
    • EPSS Score: %22.43
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2059

    The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds r... Read more

    Affected Products : fedora opensuse libidn
    • EPSS Score: %0.83
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-2058

    c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.... Read more

    Affected Products : jabberd2
    • EPSS Score: %0.48
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1867

    Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.... Read more

    • EPSS Score: %0.71
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2015-1334

    attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.... Read more

    Affected Products : lxc
    • EPSS Score: %0.07
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-1331

    lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.... Read more

    Affected Products : lxc
    • EPSS Score: %0.05
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0851

    XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.... Read more

    Affected Products : xmltooling
    • EPSS Score: %0.62
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2013-7443

    Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.... Read more

    Affected Products : ubuntu_linux sqlite
    • EPSS Score: %1.45
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-5965

    The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.... Read more

    Affected Products : fortios
    • EPSS Score: %0.35
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291419 Results