Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-9895

    Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.... Read more

    • EPSS Score: %0.71
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9894

    A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.... Read more

    Affected Products : firefox
    • EPSS Score: %2.83
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9893

    Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Fi... Read more

    • EPSS Score: %3.55
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9880

    The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.... Read more

    Affected Products : gemfire_for_pivotal_cloud_foundry
    • EPSS Score: %3.91
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9778

    An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacke... Read more

    • EPSS Score: %8.62
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-9749

    IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.... Read more

    Affected Products : campaign
    • EPSS Score: %0.04
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-9722

    IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.... Read more

    • EPSS Score: %31.98
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9711

    IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.19
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9652

    Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.... Read more

    Affected Products : chrome
    • EPSS Score: %1.30
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9651

    A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.... Read more

    • EPSS Score: %53.95
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9646

    ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.... Read more

    Affected Products : debian_linux ikiwiki
    • EPSS Score: %0.26
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9645

    The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.... Read more

    Affected Products : ikiwiki
    • EPSS Score: %0.16
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9606

    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.... Read more

    Affected Products : resteasy
    • EPSS Score: %0.77
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-9605

    A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default instal... Read more

    Affected Products : cobbler cobbler
    • EPSS Score: %0.30
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2016-9604

    It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module s... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-9603

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user... Read more

    • EPSS Score: %1.52
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-9602

    Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %1.37
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-9601

    ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embed... Read more

    Affected Products : debian_linux gpl_ghostscript jbig2dec
    • EPSS Score: %0.43
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9600

    JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.... Read more

    • EPSS Score: %0.30
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9599

    puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gai... Read more

    Affected Products : openstack puppet-tripleo
    • EPSS Score: %0.19
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results