Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2016-8628

    Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible run... Read more

    Affected Products : ansible
    • EPSS Score: %0.50
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8627

    admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser ... Read more

    • EPSS Score: %0.80
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2016-8626

    A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.... Read more

    • EPSS Score: %2.87
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8625

    curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.... Read more

    Affected Products : curl
    • EPSS Score: %2.56
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8624

    curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for examp... Read more

    Affected Products : curl
    • EPSS Score: %2.90
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8623

    A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.... Read more

    Affected Products : curl
    • EPSS Score: %0.46
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8622

    The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit ... Read more

    Affected Products : curl libcurl
    • EPSS Score: %1.35
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8621

    The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.... Read more

    Affected Products : curl
    • EPSS Score: %1.32
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8620

    The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.... Read more

    Affected Products : curl
    • EPSS Score: %0.74
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8619

    The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.... Read more

    Affected Products : curl
    • EPSS Score: %3.57
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8618

    The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.... Read more

    Affected Products : curl
    • EPSS Score: %1.51
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2016-8617

    The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.... Read more

    Affected Products : curl
    • EPSS Score: %0.08
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-8616

    A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a pr... Read more

    Affected Products : curl
    • EPSS Score: %2.68
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8615

    A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.... Read more

    Affected Products : curl
    • EPSS Score: %3.01
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8614

    A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.... Read more

    Affected Products : ansible
    • EPSS Score: %0.08
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2016-8613

    A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or ... Read more

    Affected Products : foreman
    • EPSS Score: %0.74
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8612

    Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.... Read more

    • EPSS Score: %1.32
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8611

    A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.... Read more

    Affected Products : glance
    • EPSS Score: %0.54
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-8609

    It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit f... Read more

    Affected Products : keycloak
    • EPSS Score: %0.16
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-8608

    JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, w... Read more

    • EPSS Score: %0.18
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results