Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.0

    HIGH
    CVE-2016-6786

    kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111....

    Affected Products : linux_kernel
    • Published: Dec. 28, 2016
    • Modified: Apr. 12, 2025
  • 4.7

    MEDIUM
    CVE-2016-6213

    fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a lo...

    Affected Products : linux_kernel
    • Published: Dec. 28, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2012-6704

    The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified o...

    Affected Products : linux_kernel
    • Published: Dec. 28, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10072

    WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly e...

    Affected Products : wampserver
    • Published: Dec. 27, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10031

    WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privil...

    Affected Products : wampserver
    • Published: Dec. 27, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-9224

    A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0)....

    Affected Products : jabber_guest
    • Published: Dec. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-9223

    A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vu...

    Affected Products : cloudcenter_orchestrator
    • Published: Dec. 26, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-9217

    A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3...

    Affected Products : intercloud_fabric
    • Published: Dec. 26, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-9681

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name....

    Affected Products : serendipity
    • Published: Dec. 25, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10041

    An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, vali...

    Affected Products : sprecon-e_service_program
    • Published: Dec. 25, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-10006

    In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS....

    Affected Products : antisamy
    • Published: Dec. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10039

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles....

    Affected Products : modx_revolution
    • Published: Dec. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10038

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove....

    Affected Products : modx_revolution
    • Published: Dec. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10037

    Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist....

    Affected Products : modx_revolution
    • Published: Dec. 24, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-9923

    Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resul...

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-9921

    Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to cr...

    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-9912

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host me...

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-9911

    Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS f...

    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
  • 3.3

    LOW
    CVE-2016-9908

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the ho...

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-9907

    Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, r...

    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293289 Results