Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-8820

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the s... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8819

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation ... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8818

    All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential esca... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8817

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a b... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8816

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denia... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8815

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denia... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8814

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of ... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8813

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of ... Read more

    Affected Products : windows gpu_driver
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9967

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9966

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9965

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9964

    redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.... Read more

    Affected Products : debian_linux bottle
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9838

    An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and res... Read more

    Affected Products : joomla\!
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9837

    An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly ac... Read more

    Affected Products : joomla\!
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-6657

    An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops M... Read more

    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-6656

    An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have super... Read more

    Affected Products : greenplum
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2016-3129

    A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS... Read more

    Affected Products : good_enterprise_mobility_server
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-1430

    An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key... Read more

    Affected Products : debian_linux xrdp
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9566

    base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.... Read more

    Affected Products : nagios
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9565

    MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incom... Read more

    Affected Products : nagios
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292802 Results