Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-9307

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9306

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9305

    Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9304

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9303

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5594

    An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7... Read more

    Affected Products : pagekit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8215

    EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    Affected Products : rsa_security_analytics
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2016-8214

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.... Read more

    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10162

    The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML... Read more

    Affected Products : php
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10161

    The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that... Read more

    Affected Products : php
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10160

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive wit... Read more

    Affected Products : debian_linux clustered_data_ontap php
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10159

    Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR ar... Read more

    Affected Products : debian_linux php
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10158

    The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the... Read more

    Affected Products : php
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5495

    All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabl... Read more

    Affected Products : quagga
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2972

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitra... Read more

    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2971

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2970

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code... Read more

    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2929

    Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.... Read more

    Affected Products : acrobat windows
    • Published: Jan. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5372

    The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServi... Read more

    Affected Products : netweaver
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5371

    Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.... Read more

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292916 Results