Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2016-5434

    libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.... Read more

    Affected Products : pacman
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5026

    hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.... Read more

    Affected Products : onionshare
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-2402

    OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.... Read more

    Affected Products : okhttp okhttp3
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2399

    Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.... Read more

    Affected Products : libquicktime
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-2217

    The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.... Read more

    Affected Products : socat
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10087

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk ... Read more

    Affected Products : libpng
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-8034

    The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : salt
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.6

    MEDIUM
    CVE-2015-7331

    The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.... Read more

    Affected Products : mcollective-puppet-agent
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-2181

    Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.... Read more

    Affected Products : webmail
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-2180

    The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.... Read more

    Affected Products : webmail
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9939

    Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the fu... Read more

    Affected Products : debian_linux crypto\+\+
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7544

    Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.... Read more

    Affected Products : windows crypto\+\+
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-2519

    ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-2518

    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.... Read more

    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-2517

    NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of tr... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-2516

    NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-8158

    The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2015-8140

    The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-8139

    ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.... Read more

    Affected Products : ntp
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-8138

    NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.... Read more

    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293182 Results