Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2015-8504

    Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

    Affected Products : debian_linux qemu
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2015-7893

    SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.

    Affected Products : galaxy_s6
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2014-9837

    coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 6.2

    MEDIUM
    CVE-2014-8716

    The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2014-8562

    DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2014-8355

    PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2014-8354

    The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2013-6647

    A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.

    Affected Products : chrome
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2017-6088

    Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_func...

    Affected Products : eyesofnetwork eonweb
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-5322

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

    Affected Products : debian_linux libtiff
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2016-4989

    setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a craft...

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2016-4446

    The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2016-4445

    The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutp...

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2016-4444

    The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-1908

    The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding priv...

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 4.7

    MEDIUM
    CVE-2017-5969

    libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only...

    Affected Products : libxml2
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-4483

    The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerabil...

    Affected Products : debian_linux libxml2 solaris
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-0779

    The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

    Affected Products : tomee
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7462

    Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.

    Affected Products : nfc-30ir_firmware nfc-30ir
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 6.8

    MEDIUM
    CVE-2017-7461

    Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text...

    Affected Products : nfc-30ir_firmware nfc-30ir
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293645 Results