Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0733

    CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4069

    The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.... Read more

    Affected Products : arcserve_unified_data_protection
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2015-4068

    Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.... Read more

    • Actively Exploited
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4067

    Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.... Read more

    Affected Products : netvault_backup
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4060

    Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.... Read more

    Affected Products : connectpro
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4059

    Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.... Read more

    Affected Products : terminal_emulation
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4047

    racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.... Read more

    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4032

    projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.... Read more

    Affected Products : netcharts_server
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4031

    Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.... Read more

    Affected Products : netcharts_server
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3995

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.... Read more

    Affected Products : hana
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3994

    The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.... Read more

    Affected Products : hana
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2015-1833

    XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intra... Read more

    Affected Products : jackrabbit
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0847

    nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.... Read more

    Affected Products : ubuntu_linux nbd
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0757

    The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug I... Read more

    Affected Products : identity_services_engine_software
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-0756

    Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.... Read more

    Affected Products : wireless_lan_controller
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0755

    The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0754

    Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.... Read more

    Affected Products : finesse
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-0753

    SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.... Read more

    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0752

    Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.... Read more

    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0751

    Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.... Read more

    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292795 Results