Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-9834

    An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the targe... Read more

    Affected Products : cyberoam_firmware cyberoam
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9474

    In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.... Read more

    Affected Products : ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9473

    In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.... Read more

    Affected Products : ubuntu_linux ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9472

    In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.... Read more

    Affected Products : ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9471

    In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.... Read more

    Affected Products : ubuntu_linux ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9470

    In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.... Read more

    Affected Products : ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9469

    In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.... Read more

    Affected Products : debian_linux irssi
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9468

    In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.... Read more

    Affected Products : debian_linux irssi
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-9465

    The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec f... Read more

    Affected Products : yara
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-9462

    In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.... Read more

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-9461

    smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.... Read more

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9961

    game-music-emu before 0.6.1 mishandles unspecified integer values.... Read more

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9960

    game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).... Read more

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5004

    The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.... Read more

    Affected Products : ws-xmlrpc
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3077

    The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.... Read more

    Affected Products : ovirt-engine
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3066

    The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.... Read more

    Affected Products : spice-gtk
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-2192

    PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.... Read more

    Affected Products : pl\/java
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-0768

    PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.... Read more

    Affected Products : postgresql
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-0767

    PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.... Read more

    Affected Products : pl\/java
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-0726

    The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.... Read more

    Affected Products : nagios
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294446 Results