Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-9593

    foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.... Read more

    Affected Products : satellite foreman
    • EPSS Score: %0.15
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-9592

    openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.32
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-9591

    JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.... Read more

    • EPSS Score: %0.48
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9590

    puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly ... Read more

    Affected Products : openstack puppet-swift
    • EPSS Score: %0.17
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9589

    Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fi... Read more

    Affected Products : jboss_wildfly_application_server
    • EPSS Score: %3.09
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-9587

    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ans... Read more

    Affected Products : openstack ansible ansible
    • EPSS Score: %3.86
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9586

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary inpu... Read more

    Affected Products : curl
    • EPSS Score: %0.69
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-9585

    Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.... Read more

    • EPSS Score: %0.18
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9583

    An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.... Read more

    • EPSS Score: %0.32
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9581

    An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.... Read more

    Affected Products : openjpeg
    • EPSS Score: %0.35
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9580

    An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.... Read more

    Affected Products : openjpeg
    • EPSS Score: %0.40
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9579

    A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafte... Read more

    • EPSS Score: %18.30
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9578

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.... Read more

    • EPSS Score: %3.47
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9577

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.... Read more

    • EPSS Score: %3.86
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9575

    Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profil... Read more

    Affected Products : freeipa
    • EPSS Score: %0.27
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9574

    nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.... Read more

    Affected Products : network_security_services
    • EPSS Score: %0.18
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9573

    An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.... Read more

    • EPSS Score: %1.41
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9572

    A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a ... Read more

    Affected Products : openjpeg debian_linux
    • EPSS Score: %1.77
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9570

    cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.... Read more

    Affected Products : carbon_black
    • EPSS Score: %0.39
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-9569

    The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.... Read more

    Affected Products : carbon_black
    • EPSS Score: %0.13
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291419 Results