Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-9917

    In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.... Read more

    Affected Products : bluez
    • EPSS Score: %0.45
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9888

    An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.... Read more

    Affected Products : libgsf
    • EPSS Score: %0.35
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9839

    In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.... Read more

    Affected Products : mapserver mapserver
    • EPSS Score: %0.36
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8655

    Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %37.49
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2015-8870

    Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or R... Read more

    Affected Products : libtiff
    • EPSS Score: %0.74
    • Published: Dec. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-5341

    The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka inter... Read more

    Affected Products : android
    • EPSS Score: %0.23
    • Published: Dec. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-8740

    The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted... Read more

    Affected Products : http_server
    • EPSS Score: %56.73
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9152

    Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.... Read more

    Affected Products : spip
    • EPSS Score: %0.25
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-7171

    NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.... Read more

    Affected Products : netapp_plug-in
    • EPSS Score: %0.18
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9836

    The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.37
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9835

    Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.... Read more

    Affected Products : zikula_application_framework
    • EPSS Score: %3.90
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9157

    A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.... Read more

    Affected Products : sicam_pas\/pqs
    • EPSS Score: %1.46
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9156

    A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.... Read more

    Affected Products : sicam_pas\/pqs
    • EPSS Score: %0.50
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9804

    In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "f... Read more

    Affected Products : bluez
    • EPSS Score: %0.36
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9803

    In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.... Read more

    Affected Products : bluez
    • EPSS Score: %0.16
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9802

    In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.... Read more

    Affected Products : bluez
    • EPSS Score: %0.48
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9801

    In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.... Read more

    Affected Products : bluez
    • EPSS Score: %0.34
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9800

    In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "... Read more

    Affected Products : bluez
    • EPSS Score: %0.39
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9799

    In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.... Read more

    Affected Products : bluez
    • EPSS Score: %0.48
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-9798

    In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.... Read more

    Affected Products : bluez
    • EPSS Score: %0.49
    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292095 Results