Latest CVE Feed
-
5.5
MEDIUM CVE-2016-10209
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
Affected Products : libarchive
- Published: Apr. 03, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2016-10272
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
Affected Products : libtiff
- Published: Mar. 24, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2016-10369
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Affected Products : lxterminal
- Published: May. 08, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2016-1253
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2017-6842
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Affected Products : podofo
- Published: Mar. 15, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding priv...
- Published: Apr. 11, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGH CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
- Published: Jan. 06, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2016-2379
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-usin...
- Published: Mar. 29, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2016-3695
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is...
- Published: Dec. 29, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
- Published: Jun. 13, 2017
- Modified: Apr. 20, 2025
-
7.2
HIGH CVE-2016-4484
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
Affected Products : cryptsetup
- Published: Jan. 23, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2016-4491
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ...
Affected Products : libiberty
- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2016-4692
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to exe...
- Published: Feb. 20, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2016-4796
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
- Published: Feb. 03, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2016-4912
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
Affected Products : openslp
- Published: Mar. 27, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2016-5884
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- Published: Feb. 01, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2016-5003
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
Affected Products : ws-xmlrpc
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2016-5044
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
Affected Products : libdwarf
- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2016-5102
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Affected Products : libtiff
- Published: Feb. 06, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2016-5199
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit ...
Affected Products : chrome
- Published: Jan. 19, 2017
- Modified: Apr. 20, 2025