Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.5

MEDIUM

CVE-2016-5322

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image....

Affected Products : debian_linux libtiff
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
7.0

HIGH

CVE-2016-4989

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a craft...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation setroubleshoot enterprise_linux_hpc_node
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
7.0

HIGH

CVE-2016-4446

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function....

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation setroubleshoot enterprise_linux_hpc_node
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
7.0

HIGH

CVE-2016-4445

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutp...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation setroubleshoot enterprise_linux_hpc_node
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
7.0

HIGH

CVE-2016-4444

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function....

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation setroubleshoot enterprise_linux_hpc_node
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2016-1908

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding priv...

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_tus openssh enterprise_linux_eus linux
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
4.7

MEDIUM

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only...

Affected Products : libxml2
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerabil...

Affected Products : debian_linux libxml2 solaris
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2016-0779

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object....

Affected Products : tomee
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7462

Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory....

Affected Products : nfc-30ir_firmware nfc-30ir
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
6.8

MEDIUM

CVE-2017-7461

Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text...

Affected Products : nfc-30ir_firmware nfc-30ir
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
6.7

MEDIUM

CVE-2017-5873

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe....

Affected Products : secure_partitioning
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
6.5

MEDIUM

CVE-2017-5672

Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request....

Affected Products : enterprise_mobile_management
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
4.9

MEDIUM

CVE-2016-5011

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at...

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_tus enterprise_linux_eus util-linux powerkvm power_hardware_management_console
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2016-4468

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7...

Affected Products : cloud_foundry_elastic_runtime cloud_foundry_uaa cloud_foundry_uaa_bosh cloud_foundry cloud_foundry_ops_manager
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
5.3

MEDIUM

CVE-2016-7467

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, ...

Affected Products : big-ip_access_policy_manager
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
9.0

HIGH

CVE-2016-6811

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user....

Affected Products : hadoop
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
5.9

MEDIUM

CVE-2016-10259

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circums...

Affected Products : ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv2800
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
6.1

MEDIUM

CVE-2017-7621

Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/...

Affected Products : emli
Published: Apr. 11, 2017

Modified: Apr. 20, 2025
8.1

HIGH

CVE-2017-7648

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation....

Affected Products : c1 c1_lite c2 fi9800xe fi9826p fi9828p fi9851p fi9853ep fi9901ep fi9903p +2 more products
Published: Apr. 10, 2017

Modified: Apr. 20, 2025

Showing 20 of 293636 Results

Browse by Apps

Latest CVE Feed

5.5

7.0

7.0

7.0

7.0

9.8

4.7

7.5

9.8

9.8

6.8

6.7

6.5

4.9

8.8

5.3

9.0

5.9

6.1

8.1

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable