Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7052

    crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.... Read more

    • EPSS Score: %14.81
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6309

    statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.... Read more

    Affected Products : openssl
    • EPSS Score: %44.97
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-6308

    statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.... Read more

    Affected Products : openssl
    • EPSS Score: %28.58
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6307

    The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/stat... Read more

    Affected Products : openssl
    • EPSS Score: %15.71
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6306

    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.... Read more

    • EPSS Score: %9.36
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6305

    The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.... Read more

    Affected Products : openssl
    • EPSS Score: %33.46
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6304

    Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.... Read more

    • EPSS Score: %19.42
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6980

    Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.... Read more

    Affected Products : digital_editions
    • EPSS Score: %6.52
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6038

    Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.... Read more

    Affected Products : aix
    • EPSS Score: %0.22
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-6913

    Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.... Read more

    • EPSS Score: %0.20
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-6901

    Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authe... Read more

    • EPSS Score: %0.23
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6827

    Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    • EPSS Score: %0.11
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-6826

    Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.... Read more

    Affected Products : anyoffice_secureapp
    • EPSS Score: %0.19
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-6172

    PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.... Read more

    Affected Products : leap opensuse authoritative_server
    • EPSS Score: %0.01
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6153

    os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging ... Read more

    Affected Products : fedora leap sqlite
    • EPSS Score: %0.03
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6142

    SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.... Read more

    Affected Products : hana hana_db
    • EPSS Score: %1.22
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4972

    OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited f... Read more

    • EPSS Score: %3.93
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-3639

    SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.... Read more

    Affected Products : hana_db
    • EPSS Score: %0.36
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7162

    The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.... Read more

    Affected Products : ubuntu_linux file_roller
    • EPSS Score: %1.15
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-7142

    The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.... Read more

    Affected Products : debian_linux inspircd
    • EPSS Score: %0.14
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results