Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-9880

    The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.... Read more

    Affected Products : gemfire_for_pivotal_cloud_foundry
    • EPSS Score: %3.91
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9778

    An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacke... Read more

    • EPSS Score: %8.62
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-9749

    IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.... Read more

    Affected Products : campaign
    • EPSS Score: %0.04
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-9722

    IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.... Read more

    • EPSS Score: %31.98
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9711

    IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.19
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9652

    Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.... Read more

    Affected Products : chrome
    • EPSS Score: %1.30
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9651

    A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.... Read more

    • EPSS Score: %53.95
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9646

    ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.... Read more

    Affected Products : debian_linux ikiwiki
    • EPSS Score: %0.26
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9645

    The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.... Read more

    Affected Products : ikiwiki
    • EPSS Score: %0.16
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9606

    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.... Read more

    Affected Products : resteasy
    • EPSS Score: %0.77
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-9605

    A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default instal... Read more

    Affected Products : cobbler cobbler
    • EPSS Score: %0.30
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2016-9604

    It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module s... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-9603

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user... Read more

    • EPSS Score: %1.52
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-9602

    Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %1.37
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-9601

    ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embed... Read more

    Affected Products : debian_linux gpl_ghostscript jbig2dec
    • EPSS Score: %0.43
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9600

    JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.... Read more

    • EPSS Score: %0.30
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9599

    puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gai... Read more

    Affected Products : openstack puppet-tripleo
    • EPSS Score: %0.19
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9598

    libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4... Read more

    Affected Products : libxml2 jboss_core_services
    • EPSS Score: %0.67
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9597

    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE fo... Read more

    • EPSS Score: %1.33
    • Published: Jul. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9596

    libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE... Read more

    Affected Products : libxml2 jboss_core_services
    • EPSS Score: %0.67
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291401 Results