Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-4594

    eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.... Read more

    Affected Products : population_health
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-4593

    eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creati... Read more

    Affected Products : population_health
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-4592

    eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.... Read more

    Affected Products : population_health
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-4591

    eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.... Read more

    Affected Products : population_health
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10126

    Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API ... Read more

    Affected Products : splunk
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-8106

    A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.... Read more

    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-10125

    D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.... Read more

    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5217

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install sess... Read more

    Affected Products : samsung_mobile
    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5216

    Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loade... Read more

    Affected Products : remote_control
    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2016-10124

    An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an ... Read more

    Affected Products : lxc
    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9885

    An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly ... Read more

    Affected Products : gemfire_for_pivotal_cloud_foundry
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9879

    An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to... Read more

    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9869

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.... Read more

    Affected Products : scaleio
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9868

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavaila... Read more

    Affected Products : scaleio
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9867

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.... Read more

    Affected Products : scaleio
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-8706

    An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.... Read more

    Affected Products : memcached
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8705

    Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.... Read more

    Affected Products : memcached
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8704

    An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.... Read more

    Affected Products : memcached
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-8334

    A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.... Read more

    Affected Products : reader
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-5684

    An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious... Read more

    Affected Products : freeimage
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results