Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-7077

    foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.... Read more

    Affected Products : foreman
    • EPSS Score: %0.18
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-7076

    sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec rest... Read more

    Affected Products : sudo
    • EPSS Score: %0.07
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-7075

    It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 cert... Read more

    Affected Products : openshift kubernetes
    • EPSS Score: %0.29
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-7074

    An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check t... Read more

    Affected Products : debian_linux authoritative recursor
    • EPSS Score: %0.00
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-7073

    An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check o... Read more

    Affected Products : debian_linux authoritative recursor
    • EPSS Score: %0.01
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7072

    An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file de... Read more

    Affected Products : debian_linux authoritative
    • EPSS Score: %0.03
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-7071

    It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know... Read more

    • EPSS Score: %0.49
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2016-7070

    A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the datab... Read more

    Affected Products : ansible_tower
    • EPSS Score: %0.09
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7069

    An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be re... Read more

    Affected Products : dnsdist
    • EPSS Score: %0.02
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-7068

    An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might r... Read more

    Affected Products : debian_linux authoritative recursor
    • EPSS Score: %0.08
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-7067

    Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.... Read more

    Affected Products : monit
    • EPSS Score: %0.27
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-7066

    It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.... Read more

    • EPSS Score: %0.03
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7064

    A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage... Read more

    Affected Products : pritunl-client
    • EPSS Score: %0.15
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7063

    A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.... Read more

    Affected Products : pritunl-client
    • EPSS Score: %0.75
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-7061

    An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive informatio... Read more

    • EPSS Score: %0.59
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-7056

    A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.... Read more

    • EPSS Score: %0.12
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7048

    The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.... Read more

    Affected Products : postgresql
    • EPSS Score: %9.57
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7047

    A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.... Read more

    • EPSS Score: %0.33
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7043

    It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther servi... Read more

    Affected Products : kie-server
    • EPSS Score: %0.30
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2016-7041

    Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.... Read more

    Affected Products : jboss_brms jboss_drools
    • EPSS Score: %0.97
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291638 Results