Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2016-9103

    The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.... Read more

    Affected Products : debian_linux qemu
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-9102

    Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the sa... Read more

    Affected Products : debian_linux qemu
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-9101

    Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.... Read more

    Affected Products : debian_linux leap qemu
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6501

    JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.... Read more

    Affected Products : artifactory
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6496

    The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.... Read more

    Affected Products : crowd
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6321

    Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_... Read more

    Affected Products : tar
    • Published: Dec. 09, 2016
    • Modified: Aug. 06, 2025

  • 8.1

    HIGH
    CVE-2016-9014

    Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.... Read more

    Affected Products : ubuntu_linux fedora django
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9013

    Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the databas... Read more

    Affected Products : ubuntu_linux fedora django
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6829

    The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access ... Read more

    Affected Products : barclamp-trove crowbar-openstack
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6523

    Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.... Read more

    Affected Products : dotclear
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6301

    The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.... Read more

    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2015-8786

    The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.... Read more

    Affected Products : solaris rabbitmq
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8858

    The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not c... Read more

    Affected Products : openssh
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-9120

    Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8967

    arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.... Read more

    Affected Products : android linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8966

    arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9920

    steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allow... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9919

    The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8104

    Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.... Read more

    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-8103

    SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.... Read more

    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292897 Results