Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    HIGH
    CVE-2016-9602

    Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside a guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on a host....

    Affected Products : debian_linux qemu
    • EPSS Score: 1.37%
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-9601

    ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embed...

    Affected Products : debian_linux gpl_ghostscript jbig2dec
    • EPSS Score: 0.43%
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-9600

    JasPer before version 2.0.10 is vulnerable to a null pointer dereference that was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash....

    • EPSS Score: 0.30%
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9599

    puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gai...

    Affected Products : openstack puppet-tripleo
    • EPSS Score: 0.19%
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-9598

    libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4...

    Affected Products : libxml2 jboss_core_services
    • EPSS Score: 0.67%
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9597

    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE fo...

    • EPSS Score: 1.33%
    • Published: Jul. 30, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-9596

    libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE...

    Affected Products : libxml2 jboss_core_services
    • EPSS Score: 0.67%
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2016-9595

    A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files....

    Affected Products : satellite katello satellite_capsule
    • EPSS Score: 0.04%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-9594

    curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable....

    Affected Products : curl
    • EPSS Score: 0.95%
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-9593

    foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems....

    Affected Products : satellite foreman
    • EPSS Score: 0.15%
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2016-9592

    openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could...

    Affected Products : openshift openshift
    • EPSS Score: 0.32%
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-9591

    JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer....

    • EPSS Score: 0.48%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-9590

    puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly ...

    Affected Products : openstack puppet-swift
    • EPSS Score: 0.17%
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9589

    Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fi...

    Affected Products : jboss_wildfly_application_server
    • EPSS Score: 3.09%
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-9587

    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ans...

    Affected Products : openstack ansible ansible
    • EPSS Score: 3.86%
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-9586

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without necessary inpu...

    Affected Products : curl
    • EPSS Score: 0.69%
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-9585

    Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack....

    • EPSS Score: 0.18%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-9583

    An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input....

    • EPSS Score: 0.32%
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-9581

    An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2....

    Affected Products : openjpeg
    • EPSS Score: 0.35%
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-9580

    An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow....

    Affected Products : openjpeg
    • EPSS Score: 0.40%
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024