THREAT ALERT

ACT NOW CVE-2015-5374 7.8 Siemens EN100 Ethernet module firmware across multiple protocol variants (PROFINET IO, Modbus TCP, DNP3 TCP, IEC 104) contains a vulnerability that allows remote attackers to cause a denial-of-service condition by sending specially crafted packets. The affected module crashes and requires a manual cold restart to recover, impacting industrial control system availability. | ACT NOW CVE-2015-2387 7.8 The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities. | ACT NOW CVE-2015-5119 9.8 Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16. | ACT NOW CVE-2015-3113 9.8 Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Get CVEs that hit your stack — not 200/day

Pick your technologies, get a weekly digest by email. Free, no spam.

React Python Postgres +200 more

React Next.js Python Postgres AWS +200 more

Trending Now See all

Critical Watch See all

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Incoming 20

Pre-NVD – not yet scored

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — July 18, 2015

1 CVEs tracked today. 0 Critical, 1 High, 0 Medium, 0 Low.

CVE-2015-5374 HIGH CVSS 7.8
Siemens EN100 Ethernet module firmware across multiple protocol variants (PROFINET IO, Modbus TCP, DNP3 TCP, IEC 104) contains a vulnerability that allows remote attackers to cause a denial-of-service condition by sending specially crafted packets. The affected module crashes and requires a manual cold restart to recover, impacting industrial control system availability.

Information Disclosure

Track CVEs for your stack Sign up free →

Today's Vulnerabilities Vulnerabilities