Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2016-3905

    CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm i...

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-3903

    drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Andr...

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-3902

    drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm intern...

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-3901

    Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka An...

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-3900

    cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a cr...

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-3882

    Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2)...

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-3860

    sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 2932314...

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-8956

    The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth ...

    Affected Products : android linux_kernel
    • EPSS Score: %0.04
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 7.3

    HIGH
    CVE-2015-8955

    arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW...

    Affected Products : android linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8951

    Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka An...

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-8950

    arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggerin...

    Affected Products : linux_kernel
    • EPSS Score: %0.15
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2015-0572

    Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to ...

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-1000007

    Pagure 2.2.1 XSS in raw file endpoint...

    Affected Products : pagure
    • EPSS Score: %0.24
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-1000003

    Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code....

    Affected Products : mirror_manager
    • EPSS Score: %2.60
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.4

    HIGH
    CVE-2016-1000001

    flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect...

    Affected Products : flask-oidc
    • EPSS Score: %0.18
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.3

    MEDIUM
    CVE-2016-7777

    Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hyperv...

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-7424

    The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file....

    Affected Products : debian_linux libav
    • EPSS Score: %0.24
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-7167

    Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-b...

    Affected Products : fedora curl libcurl
    • EPSS Score: %2.27
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-7040

    Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the abil...

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.64
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6323

    The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as ...

    Affected Products : fedora opensuse glibc
    • EPSS Score: %1.13
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291722 Results