Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-9167

    NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.... Read more

    Affected Products : edirectory
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5758

    A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5757

    iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5756

    Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webac... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5755

    NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5754

    Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5752

    The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the origi... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5751

    An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5750

    The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5749

    NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5748

    External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.... Read more

    Affected Products : access_manager
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5747

    A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.... Read more

    Affected Products : edirectory
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-1603

    An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.... Read more

    Affected Products : netiq_idm_servicenow_driver
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1602

    A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (us... Read more

    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-1597

    A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.... Read more

    Affected Products : access_governance_suite
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7235

    An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.... Read more

    Affected Products : cloudflare-scrape
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6972

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.... Read more

    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-3864

    A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs du... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-3859

    A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format strin... Read more

    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-3858

    A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters s... Read more

    Affected Products : ios_xe
    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293606 Results