Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-5416

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the defa... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5405

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user p... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4992

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the exi... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3099

    mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-3095

    server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.... Read more

    Affected Products : fedora pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4471

    ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4457

    CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.... Read more

    Affected Products : cloudforms_management_engine
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3690

    The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3112

    client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-3111

    pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local use... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-3108

    The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-3107

    The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3091

    Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : diego
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2034

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.... Read more

    Affected Products : clearpass
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-3498

    The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.... Read more

    Affected Products : ansible
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2017-9330

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2017-9310

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outsid... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9023

    The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9022

    The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8108

    Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294724 Results