Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-9589

    Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fi... Read more

    Affected Products : jboss_wildfly_application_server
    • EPSS Score: %3.09
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-9587

    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ans... Read more

    Affected Products : openstack ansible ansible
    • EPSS Score: %3.86
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9586

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary inpu... Read more

    Affected Products : curl
    • EPSS Score: %0.69
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9585

    Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.... Read more

    • EPSS Score: %0.18
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9583

    An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.... Read more

    • EPSS Score: %0.32
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9581

    An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.... Read more

    Affected Products : openjpeg
    • EPSS Score: %0.35
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9580

    An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.... Read more

    Affected Products : openjpeg
    • EPSS Score: %0.40
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9579

    A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafte... Read more

    • EPSS Score: %18.30
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9578

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.... Read more

    • EPSS Score: %3.47
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9577

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.... Read more

    • EPSS Score: %3.86
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9575

    Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profil... Read more

    Affected Products : freeipa
    • EPSS Score: %0.27
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9574

    nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.... Read more

    Affected Products : network_security_services
    • EPSS Score: %0.18
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9573

    An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.... Read more

    • EPSS Score: %1.41
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9572

    A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a ... Read more

    Affected Products : openjpeg debian_linux
    • EPSS Score: %1.77
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9570

    cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.... Read more

    Affected Products : carbon_black
    • EPSS Score: %0.39
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-9569

    The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.... Read more

    Affected Products : carbon_black
    • EPSS Score: %0.13
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9568

    A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.... Read more

    Affected Products : carbon_black
    • EPSS Score: %0.72
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-9500

    Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.... Read more

    Affected Products : ftp_server
    • EPSS Score: %0.74
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9499

    Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.... Read more

    Affected Products : ftp_server
    • EPSS Score: %0.51
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9498

    ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as we... Read more

    Affected Products : manageengine_applications_manager
    • EPSS Score: %71.20
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291395 Results