Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2016-8651

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of an... Read more

    • EPSS Score: %0.24
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2016-8648

    It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java V... Read more

    Affected Products : jboss_fuse jboss_a-mq
    • EPSS Score: %0.54
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-8647

    An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.... Read more

    Affected Products : ansible_engine virtualization ansible
    • EPSS Score: %0.22
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8641

    A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are... Read more

    Affected Products : nagios
    • EPSS Score: %1.11
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2016-8640

    A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perfor... Read more

    Affected Products : pycsw
    • EPSS Score: %0.95
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-8639

    It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the... Read more

    Affected Products : satellite foreman satellite_capsule
    • EPSS Score: %0.58
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8637

    A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive infor... Read more

    Affected Products : dracut
    • EPSS Score: %0.05
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-8635

    It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.... Read more

    • EPSS Score: %0.44
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-8634

    A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The re... Read more

    Affected Products : foreman
    • EPSS Score: %0.27
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2016-8631

    The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.19
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8629

    Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and de... Read more

    • EPSS Score: %0.45
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2016-8628

    Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible run... Read more

    Affected Products : ansible
    • EPSS Score: %0.50
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8627

    admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser ... Read more

    • EPSS Score: %0.80
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2016-8626

    A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.... Read more

    • EPSS Score: %2.87
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8625

    curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.... Read more

    Affected Products : curl
    • EPSS Score: %2.56
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8624

    curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for examp... Read more

    Affected Products : curl
    • EPSS Score: %2.90
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8623

    A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.... Read more

    Affected Products : curl
    • EPSS Score: %0.46
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8622

    The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit ... Read more

    Affected Products : curl libcurl
    • EPSS Score: %1.35
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8621

    The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.... Read more

    Affected Products : curl
    • EPSS Score: %1.32
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8620

    The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.... Read more

    Affected Products : curl
    • EPSS Score: %0.74
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results