Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-8621

    The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.... Read more

    Affected Products : curl
    • EPSS Score: %1.32
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8620

    The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.... Read more

    Affected Products : curl
    • EPSS Score: %0.74
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8619

    The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.... Read more

    Affected Products : curl
    • EPSS Score: %3.57
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8618

    The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.... Read more

    Affected Products : curl
    • EPSS Score: %1.51
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2016-8617

    The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.... Read more

    Affected Products : curl
    • EPSS Score: %0.08
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-8616

    A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a pr... Read more

    Affected Products : curl
    • EPSS Score: %2.68
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8615

    A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.... Read more

    Affected Products : curl
    • EPSS Score: %3.01
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8614

    A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.... Read more

    Affected Products : ansible
    • EPSS Score: %0.08
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2016-8613

    A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or ... Read more

    Affected Products : foreman
    • EPSS Score: %0.74
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8612

    Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.... Read more

    • EPSS Score: %1.32
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8611

    A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.... Read more

    Affected Products : glance
    • EPSS Score: %0.54
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-8609

    It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit f... Read more

    Affected Products : keycloak
    • EPSS Score: %0.16
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-8608

    JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, w... Read more

    • EPSS Score: %0.18
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-8535

    A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.24
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-8534

    A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.53
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-8533

    A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.53
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-8532

    A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.30
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-8531

    A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.55
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8530

    A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %8.06
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2016-8529

    A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.... Read more

    Affected Products : lefthand
    • EPSS Score: %2.17
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results