Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-6903

    In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger l... Read more

    Affected Products : ioquake3
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3899

    SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.... Read more

    Affected Products : advanced_threat_defense
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2016-8027

    SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonat... Read more

    Affected Products : epolicy_orchestrator
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8026

    Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.... Read more

    Affected Products : security_scan_plus
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-8025

    SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-8024

    Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-8023

    Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8022

    Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2016-8021

    Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8020

    Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8019

    Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.0

    MEDIUM
    CVE-2016-8018

    Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2016-8017

    Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-8016

    Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8012

    Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.... Read more

    Affected Products : data_loss_prevention_endpoint
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8011

    Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.... Read more

    Affected Products : endpoint_security_web_control
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8010

    Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.... Read more

    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8009

    Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.... Read more

    Affected Products : application_control
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8008

    Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system.... Read more

    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2016-8007

    Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.... Read more

    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293582 Results