Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7798

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.... Read more

    Affected Products : debian_linux openssl openssl
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6604

    NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.... Read more

    Affected Products : android exynos_fimg2d
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-6270

    The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to a... Read more

    Affected Products : virtual_mobile_infrastructure
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-6269

    Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6268

    Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6267

    SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGr... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6266

    ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey para... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6167

    Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.... Read more

    Affected Products : putty
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-5434

    libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.... Read more

    Affected Products : pacman
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5026

    hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.... Read more

    Affected Products : onionshare
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-2402

    OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.... Read more

    Affected Products : okhttp okhttp3
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2399

    Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.... Read more

    Affected Products : libquicktime
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-2217

    The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.... Read more

    Affected Products : socat
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10087

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk ... Read more

    Affected Products : libpng
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-8034

    The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : salt
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.6

    MEDIUM
    CVE-2015-7331

    The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.... Read more

    Affected Products : mcollective-puppet-agent
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-2181

    Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.... Read more

    Affected Products : webmail
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-2180

    The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.... Read more

    Affected Products : webmail
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9939

    Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the fu... Read more

    Affected Products : debian_linux crypto\+\+
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7544

    Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.... Read more

    Affected Products : windows crypto\+\+
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293350 Results