Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-6874

    The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6873

    Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6872

    Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6871

    Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6870

    Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6252

    Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.... Read more

    Affected Products : shadow
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6191

    Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.... Read more

    Affected Products : sogo
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6190

    SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by ... Read more

    Affected Products : sogo
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6189

    Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.... Read more

    Affected Products : sogo
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5364

    Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.... Read more

    Affected Products : mantisbt
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5044

    The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5043

    The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5042

    The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5040

    libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5039

    The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5038

    The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5037

    The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5036

    The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5035

    The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5034

    dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.... Read more

    Affected Products : libdwarf
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293428 Results