Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2016-6246

    OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6245

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6243

    thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6242

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6241

    Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6240

    Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6239

    The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4950

    Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.... Read more

    Affected Products : manager
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4949

    Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.... Read more

    Affected Products : manager
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4948

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Real... Read more

    Affected Products : manager
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-4947

    Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.... Read more

    Affected Products : hue
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4946

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.... Read more

    Affected Products : hue
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-3159

    Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.... Read more

    Affected Products : camel
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9164

    Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read a... Read more

    Affected Products : unified_infrastructure_management
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9148

    Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.... Read more

    Affected Products : service_desk_manager
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7145

    The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.... Read more

    Affected Products : nefarious2
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6244

    The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5315

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.... Read more

    Affected Products : debian_linux libtiff
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10040

    Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.... Read more

    Affected Products : qxmlsimplereader
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2013-5653

    The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.... Read more

    Affected Products : debian_linux afpl_ghostscript
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293618 Results