Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2015-8744

    QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash ... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %0.07
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8743

    QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QE... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %0.06
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8701

    QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MA... Read more

    Affected Products : qemu
    • EPSS Score: %0.07
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-9891

    Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).... Read more

    Affected Products : dotclear
    • EPSS Score: %0.36
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-10081

    /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.... Read more

    Affected Products : shutter
    • EPSS Score: %3.39
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-0854

    App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.... Read more

    Affected Products : shutter
    • EPSS Score: %0.47
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9878

    An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.... Read more

    Affected Products : spring_framework spring_framework
    • EPSS Score: %4.93
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9877

    An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pai... Read more

    Affected Products : rabbitmq rabbitmq rabbitmq_server
    • EPSS Score: %0.33
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-7463

    Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.... Read more

    Affected Products : esxi
    • EPSS Score: %0.18
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2016-7462

    The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserializa... Read more

    Affected Products : vrealize_operations
    • EPSS Score: %1.67
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7461

    The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a ... Read more

    • EPSS Score: %0.15
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-7460

    The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity d... Read more

    Affected Products : vrealize_automation
    • EPSS Score: %2.01
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-7459

    VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunc... Read more

    Affected Products : vcenter_server
    • EPSS Score: %0.55
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-7458

    VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML Extern... Read more

    Affected Products : vsphere_client
    • EPSS Score: %0.45
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-7457

    VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.... Read more

    Affected Products : vrealize_operations
    • EPSS Score: %1.51
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7456

    VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.... Read more

    Affected Products : vsphere_data_protection
    • EPSS Score: %82.12
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-7087

    Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : windows horizon_view
    • EPSS Score: %2.39
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7086

    The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.... Read more

    • EPSS Score: %0.04
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7085

    Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • EPSS Score: %0.14
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7084

    tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of se... Read more

    • EPSS Score: %1.21
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292508 Results