Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2016-9035

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9034

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9033

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9032

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9031

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-8733

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an... Read more

    Affected Products : smartos
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6277

    NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, ... Read more

    • Actively Exploited
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9215

    A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.... Read more

    Affected Products : ios_xr carrier_routing_system
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9214

    Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CS... Read more

    Affected Products : identity_services_engine_software
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9212

    A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or ... Read more

    Affected Products : web_security_appliance
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9211

    A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases... Read more

    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9210

    A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Rel... Read more

    Affected Products : unified_communications_manager
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-9209

    A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Applia... Read more

    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9208

    A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected ... Read more

    Affected Products : emergency_responder
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9207

    A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: ... Read more

    Affected Products : expressway
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9206

    A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.1000... Read more

    Affected Products : unified_communications_manager
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9205

    A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information... Read more

    Affected Products : ios_xr carrier_routing_system
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9204

    A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus993... Read more

    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9203

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2... Read more

    Affected Products : asr_5000_series_software asr_5000
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9202

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an... Read more

    Affected Products : email_security_appliance
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293261 Results