Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-8650

    The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8646

    The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8645

    The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-8633

    drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.79
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8632

    The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.10
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8630

    The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8970

    crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer derefere... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-1328

    The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by lev... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %89.38
    • Published: Nov. 28, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-2929

    IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.45
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2928

    IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.18
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-2927

    IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on e... Read more

    Affected Products : bigfix_remote_control
    • EPSS Score: %0.18
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2926

    Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 be... Read more

    • EPSS Score: %0.54
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0319

    The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external enti... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.55
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-0318

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.36
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0317

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.21
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0316

    Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.17
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9452

    The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.... Read more

    Affected Products : drupal
    • EPSS Score: %0.80
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-9451

    Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.... Read more

    Affected Products : drupal
    • EPSS Score: %0.19
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9450

    The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.... Read more

    Affected Products : drupal
    • EPSS Score: %0.23
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-9449

    The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.... Read more

    Affected Products : drupal
    • EPSS Score: %0.35
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292124 Results