Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-6462

    A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected devi...

    Affected Products : email_security_appliance_firmware
    • EPSS Score: 0.18%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-6461

    A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected...

    • EPSS Score: 0.34%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6460

    A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an ...

    Affected Products : firesight_system_software
    • EPSS Score: 0.23%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-6459

    Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed R...

    Affected Products : telepresence_tc_software
    • EPSS Score: 0.59%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6458

    A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been fi...

    Affected Products : email_security_appliance_firmware
    • EPSS Score: 0.22%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-6457

    A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability af...

    • EPSS Score: 0.36%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 2.5

    LOW
    CVE-2016-6450

    A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are runn...

    Affected Products : ios_xe ios_xe
    • EPSS Score: 0.06%
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-8562

    A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be...

    • Actively Exploited
    • EPSS Score: 14.58%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 6.6

    MEDIUM
    CVE-2016-8561

    A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access...

    • EPSS Score: 0.55%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2016-4333

    The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's i...

    Affected Products : hdf5
    • EPSS Score: 0.11%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2016-4332

    The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write o...

    Affected Products : hdf5
    • EPSS Score: 0.07%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2016-4331

    When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution....

    Affected Products : hdf5
    • EPSS Score: 0.14%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2016-4330

    In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution....

    Affected Products : hdf5
    • EPSS Score: 0.11%
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-9376

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values we...

    Affected Products : debian_linux wireshark
    • EPSS Score: 1.48%
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-9375

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful....

    Affected Products : debian_linux wireshark
    • EPSS Score: 1.48%
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-9374

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly t...

    Affected Products : debian_linux wireshark
    • EPSS Score: 1.22%
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-9373

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by...

    Affected Products : debian_linux wireshark
    • EPSS Score: 1.22%
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-9372

    In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects....

    Affected Products : wireshark
    • EPSS Score: 0.38%
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2016-7917

    The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a deni...

    Affected Products : linux_kernel
    • EPSS Score: 0.16%
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-7916

    Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environmen...

    Affected Products : linux_kernel
    • EPSS Score: 0.05%
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025