Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-2955

    Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-2954

    Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-2341

    VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.... Read more

    Affected Products : player workstation fusion
    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-2340

    TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memo... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-2339

    TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate mem... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-2338

    TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate mem... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-2337

    TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memo... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-2336

    TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate mem... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2015-4185

    The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.... Read more

    Affected Products : ios
    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-4184

    The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.... Read more

    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1792

    The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of ... Read more

    Affected Products : openssl
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-1791

    Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of s... Read more

    Affected Products : openssl
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-1790

    The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via ... Read more

    Affected Products : openssl
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1789

    The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted... Read more

    Affected Products : openssl sparc-opl_service_processor
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1788

    The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field... Read more

    Affected Products : openssl
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-8176

    The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, w... Read more

    Affected Products : openssl
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-4182

    The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui720... Read more

    Affected Products : identity_services_engine_software
    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0776

    telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0775

    The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-0772

    Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut... Read more

    • Published: Jun. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293179 Results