Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-3885

    Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.... Read more

    Affected Products : fedora dcraw
    • EPSS Score: %5.25
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3409

    Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.... Read more

    Affected Products : ubuntu_linux module-signature
    • EPSS Score: %0.06
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3408

    Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.... Read more

    Affected Products : ubuntu_linux module-signature
    • EPSS Score: %4.87
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-3407

    Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.... Read more

    Affected Products : ubuntu_linux module-signature
    • EPSS Score: %0.42
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1846

    unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling.... Read more

    Affected Products : unzoo
    • EPSS Score: %0.85
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1845

    Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : unzoo
    • EPSS Score: %10.96
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-0267

    The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : kexec-tools
    • EPSS Score: %0.05
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0739

    The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka ... Read more

    • EPSS Score: %0.28
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.6

    LOW
    CVE-2015-3631

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.... Read more

    Affected Products : docker moby
    • EPSS Score: %0.12
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3630

    Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via ... Read more

    Affected Products : docker moby
    • EPSS Score: %0.04
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-3629

    Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.... Read more

    Affected Products : docker opensuse libcontainer
    • EPSS Score: %0.05
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-3627

    Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.... Read more

    Affected Products : docker libcontainer
    • EPSS Score: %0.09
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-3455

    Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers... Read more

    Affected Products : fedora linux solaris squid
    • EPSS Score: %2.11
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3306

    The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.... Read more

    Affected Products : proftpd
    • EPSS Score: %94.05
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-2704

    realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.... Read more

    Affected Products : realmd
    • EPSS Score: %0.37
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2015-2667

    Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.... Read more

    Affected Products : gns3
    • EPSS Score: %0.16
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-2346

    XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.... Read more

    Affected Products : seq_analyst
    • EPSS Score: %0.12
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1868

    The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consum... Read more

    Affected Products : fedora authoritative recursor
    • EPSS Score: %52.66
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0278

    libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.... Read more

    Affected Products : fedora node.js libuv
    • EPSS Score: %1.77
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2014-8384

    The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecifi... Read more

    Affected Products : in3128hd_firmware in3128hd
    • EPSS Score: %1.06
    • Published: May. 18, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290954 Results