Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-9120

    Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.28
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8967

    arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.07
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8966

    arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.18
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9920

    steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allow... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %44.83
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9919

    The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %2.70
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8104

    Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-8103

    SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.... Read more

    • EPSS Score: %0.04
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8102

    Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.... Read more

    Affected Products : wireless_bluetooth_drivers
    • EPSS Score: %0.04
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9918

    In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.... Read more

    Affected Products : bluez bluez
    • EPSS Score: %0.49
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9917

    In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.... Read more

    Affected Products : bluez
    • EPSS Score: %0.45
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9888

    An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.... Read more

    Affected Products : libgsf
    • EPSS Score: %0.35
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9839

    In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.... Read more

    Affected Products : mapserver mapserver
    • EPSS Score: %0.36
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8655

    Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %40.90
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2015-8870

    Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or R... Read more

    Affected Products : libtiff
    • EPSS Score: %0.74
    • Published: Dec. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-5341

    The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka inter... Read more

    Affected Products : android
    • EPSS Score: %0.23
    • Published: Dec. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-8740

    The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted... Read more

    Affected Products : http_server
    • EPSS Score: %56.73
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9152

    Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.... Read more

    Affected Products : spip
    • EPSS Score: %0.25
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-7171

    NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.... Read more

    Affected Products : netapp_plug-in
    • EPSS Score: %0.18
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9836

    The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.37
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9835

    Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.... Read more

    Affected Products : zikula_application_framework
    • EPSS Score: %3.90
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292124 Results