Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-8732

    Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the pr... Read more

    Affected Products : invincea_dell_protected_workspace
    • EPSS Score: %0.06
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-8730

    An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An ... Read more

    Affected Products : coreldraw_photo_paint_x8
    • EPSS Score: %0.20
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8729

    An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can speci... Read more

    Affected Products : mupdf
    • EPSS Score: %0.53
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2016-8728

    An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading ... Read more

    Affected Products : mupdf
    • EPSS Score: %0.59
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-8717

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attacke... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • EPSS Score: %0.37
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8657

    It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init ... Read more

    • EPSS Score: %0.06
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8656

    Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.... Read more

    • EPSS Score: %0.06
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8654

    A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.... Read more

    • EPSS Score: %0.23
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-8653

    It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.... Read more

    Affected Products : jboss_fuse jboss_a-mq
    • EPSS Score: %0.34
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-8651

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of an... Read more

    • EPSS Score: %0.24
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2016-8648

    It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java V... Read more

    Affected Products : jboss_fuse jboss_a-mq
    • EPSS Score: %0.54
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2016-8647

    An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.... Read more

    Affected Products : ansible_engine virtualization ansible
    • EPSS Score: %0.22
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8641

    A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are... Read more

    Affected Products : nagios
    • EPSS Score: %1.11
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2016-8640

    A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perfor... Read more

    Affected Products : pycsw
    • EPSS Score: %0.95
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-8639

    It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the... Read more

    Affected Products : satellite foreman satellite_capsule
    • EPSS Score: %0.58
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8637

    A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive infor... Read more

    Affected Products : dracut
    • EPSS Score: %0.05
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-8635

    It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.... Read more

    • EPSS Score: %0.44
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-8634

    A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The re... Read more

    Affected Products : foreman
    • EPSS Score: %0.27
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2016-8631

    The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.19
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8629

    Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and de... Read more

    • EPSS Score: %0.45
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results