Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2016-3625

    tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

    Affected Products : libtiff
    • EPSS Score: 0.64%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-3624

    The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.

    Affected Products : libtiff
    • EPSS Score: 1.33%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-3623

    The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

    Affected Products : libtiff opensuse
    • EPSS Score: 1.58%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-3622

    The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

    Affected Products : libtiff
    • EPSS Score: 0.91%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-3621

    The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

    Affected Products : libtiff
    • EPSS Score: 0.68%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-3620

    The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

    Affected Products : libtiff
    • EPSS Score: 0.59%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-3619

    The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

    Affected Products : libtiff
    • EPSS Score: 0.92%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5180

    Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

    • EPSS Score: 21.62%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-4436

    Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

    Affected Products : struts
    • EPSS Score: 6.12%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1240

    The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java pac...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 20.66%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.3

    HIGH
    CVE-2016-5995

    Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

    Affected Products : linux_kernel aix hp-ux db2 db2_connect
    • EPSS Score: 0.05%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5986

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified...

    Affected Products : websphere_application_server
    • EPSS Score: 0.44%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-3042

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

    Affected Products : websphere_application_server
    • EPSS Score: 0.20%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-0617

    Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.

    Affected Products : linux linux
    • EPSS Score: 0.06%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-6651

    The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1....

    • EPSS Score: 0.58%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-6647

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : vipr_srm
    • EPSS Score: 0.18%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2016-6637

    Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x befor...

    • EPSS Score: 0.12%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-6636

    The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x ...

    • EPSS Score: 0.24%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4386

    HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

    Affected Products : network_automation
    • EPSS Score: 0.05%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4385

    The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC...

    Affected Products : network_automation
    • EPSS Score: 4.91%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025