Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2016-4331

    When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.... Read more

    Affected Products : hdf5
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-4330

    In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.... Read more

    Affected Products : hdf5
    • Published: Nov. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-9376

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values we... Read more

    Affected Products : debian_linux wireshark
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-9375

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.... Read more

    Affected Products : debian_linux wireshark
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-9374

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly t... Read more

    Affected Products : debian_linux wireshark
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-9373

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by... Read more

    Affected Products : debian_linux wireshark
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-9372

    In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.... Read more

    Affected Products : wireshark
    • Published: Nov. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-7917

    The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a deni... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7916

    Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environmen... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7915

    The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as dem... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-7914

    The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (inv... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7913

    The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain dat... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7912

    Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7911

    Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7910

    Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had faile... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8964

    The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2015-8963

    Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8962

    Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioc... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8961

    The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9318

    libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XM... Read more

    Affected Products : ubuntu_linux libxml2 xmlsec
    • Published: Nov. 16, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292894 Results