Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2015-7848

    An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When...

    • Published: Jan. 06, 2017
    • Modified: May. 23, 2025
  • 10.0

    HIGH
    CVE-2015-2868

    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can ove...

    Affected Products : comfortlink_ii_firmware
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-2867

    A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system....

    Affected Products : comfortlink_ii_firmware
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-5179

    Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : nessus
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 4.4

    MEDIUM
    CVE-2016-8006

    Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information ...

    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6892

    The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate....

    Affected Products : matrixssl
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6891

    MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate....

    Affected Products : matrixssl
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-6890

    Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate....

    Affected Products : matrixssl
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-3441

    The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter....

    Affected Products : drgos
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-9754

    The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buff...

    Affected Products : linux_kernel
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-10030

    The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user ...

    Affected Products : slurm
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-7169

    Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted url...

    Affected Products : wordpress
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 4.8

    MEDIUM
    CVE-2016-7168

    Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image ...

    Affected Products : wordpress
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-10012

    The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxe...

    Affected Products : openssh
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-10011

    authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process....

    Affected Products : openssh
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-10010

    sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c....

    Affected Products : openssh
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10009

    Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket....

    Affected Products : openssh
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-7903

    Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header....

    Affected Products : dotclear
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-7902

    Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted ext...

    Affected Products : dotclear
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-7399

    scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allows remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLi...

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results