Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2016-6876

    The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6....

    • EPSS Score: 0.89%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-6839

    CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

    Affected Products : fusionaccess
    • EPSS Score: 0.15%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6838

    Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC...

    • EPSS Score: 0.12%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-6825

    Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R00...

    • EPSS Score: 0.37%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-6670

    Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging know...

    • EPSS Score: 0.14%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-6318

    Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.

    Affected Products : debian_linux leap cracklib
    • EPSS Score: 3.52%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6317

    Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions ...

    Affected Products : rails activerecord
    • EPSS Score: 0.38%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-6316

    Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attri...

    Affected Products : debian_linux rails ruby_on_rails
    • EPSS Score: 2.19%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-6184

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges ...

    Affected Products : honor_4c_firmware honor_4c
    • EPSS Score: 0.05%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-6183

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges ...

    Affected Products : honor_4c_firmware honor_4c
    • EPSS Score: 0.05%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-6182

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges ...

    Affected Products : honor_4c_firmware honor_4c
    • EPSS Score: 0.10%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-6181

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges ...

    Affected Products : honor_4c_firmware honor_4c
    • EPSS Score: 0.05%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-6180

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges ...

    Affected Products : honor_4c_firmware honor_4c
    • EPSS Score: 0.05%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-5422

    The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

    Affected Products : jboss_operations_network
    • EPSS Score: 0.68%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5022

    F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11....

    • EPSS Score: 1.30%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 4.4

    MEDIUM
    CVE-2016-1242

    file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

    Affected Products : trytond tryton
    • EPSS Score: 0.21%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1241

    Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

    Affected Products : trytond tryton
    • EPSS Score: 0.24%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-7034

    The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cr...

    Affected Products : jboss_bpm_suite
    • EPSS Score: 0.04%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-7033

    Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : jboss_bpm_suite
    • EPSS Score: 0.35%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6855

    Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF...

    • EPSS Score: 2.55%
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results