Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2015-2851

    client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.... Read more

    Affected Products : mac_os_x cloud_station
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-1937

    IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obt... Read more

    Affected Products : powervc
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0193

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a... Read more

    Affected Products : business_process_manager websphere
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2015-0121

    IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-0758

    The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (X... Read more

    Affected Products : unified_meetingplace
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0747

    Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0745

    Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-0744

    Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CS... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2015-0743

    Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0733

    CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4069

    The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.... Read more

    Affected Products : arcserve_unified_data_protection
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2015-4068

    Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.... Read more

    • Actively Exploited
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4067

    Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.... Read more

    Affected Products : netvault_backup
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4060

    Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.... Read more

    Affected Products : connectpro
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4059

    Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.... Read more

    Affected Products : terminal_emulation
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-4047

    racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.... Read more

    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4032

    projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.... Read more

    Affected Products : netcharts_server
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4031

    Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.... Read more

    Affected Products : netcharts_server
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3995

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.... Read more

    Affected Products : hana
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2015-3994

    The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.... Read more

    Affected Products : hana
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293304 Results