Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2016-8669

    The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than ba... Read more

    • EPSS Score: %0.07
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8668

    The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.... Read more

    Affected Products : leap qemu
    • EPSS Score: %0.16
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8667

    The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.08
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8578

    The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operat... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.12
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8577

    Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.12
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8576

    The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Bloc... Read more

    • EPSS Score: %0.11
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9190

    Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.... Read more

    Affected Products : debian_linux pillow
    • EPSS Score: %0.57
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9189

    Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.... Read more

    Affected Products : debian_linux pillow
    • EPSS Score: %0.36
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9188

    Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.... Read more

    Affected Products : moodle
    • EPSS Score: %0.29
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-9187

    Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecifie... Read more

    Affected Products : moodle
    • EPSS Score: %3.28
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-9186

    Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecif... Read more

    Affected Products : moodle
    • EPSS Score: %3.28
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-9185

    In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.... Read more

    Affected Products : heat
    • EPSS Score: %0.53
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9184

    In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do no... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.53
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9183

    In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.48
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9182

    Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by defau... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.18
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9177

    Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.... Read more

    Affected Products : spark
    • EPSS Score: %1.57
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9176

    Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.... Read more

    Affected Products : rumba
    • EPSS Score: %0.97
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6455

    A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial o... Read more

    Affected Products : asr_5000_software asr_5500
    • EPSS Score: %0.78
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6454

    A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Aff... Read more

    • EPSS Score: %0.16
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2016-6453

    A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).... Read more

    Affected Products : identity_services_engine
    • EPSS Score: %0.34
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292495 Results