Latest CVE Feed
- 9.3 HIGH CVE-2016-7913
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain dat...
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2016-7911
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2016-7910
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had faile...
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 7.1 HIGH CVE-2015-8964
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 7.6 HIGH CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-8962
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioc...
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-8961
The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.
- Affected Products: linux_kernel
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 5.5 MEDIUM CVE-2016-9318
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XM...
- Published: Nov. 16, 2016
- Modified: Apr. 12, 2025
- 6.9 MEDIUM CVE-2016-7165
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (Al...
- Affected Products: simatic_pcs7 simatic_wincc simatic_step_7_\(tia_portal\) simatic_wincc_\(tia_portal\) simatic_pcs_7 simatic_wincc_runtime simatic_step_7 simit sinema_server sinema_remote_connect +8 more products
- Published: Nov. 15, 2016
- Modified: Apr. 12, 2025
- 9.1 CRITICAL CVE-2016-5763
Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10...
- Published: Nov. 15, 2016
- Modified: Apr. 12, 2025
- 8.4 HIGH CVE-2016-0909
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.
- Published: Nov. 15, 2016
- Modified: Apr. 12, 2025
- 8.4 HIGH CVE-2016-8661
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related...
- Published: Nov. 15, 2016
- Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2016-9287
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Im...
- Affected Products: exponent_cms
- Published: Nov. 15, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8907
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8904
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-8903
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
- Affected Products: dotcms
- Published: Nov. 14, 2016
- Modified: Apr. 12, 2025