Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-6501

    JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

    Affected Products : artifactory
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-6496

    The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

    Affected Products : crowd
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-6321

    Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_...

    Affected Products : tar
    • Published: Dec. 09, 2016
    • Modified: Aug. 06, 2025
  • 8.1

    HIGH
    CVE-2016-9014

    Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

    Affected Products : ubuntu_linux fedora django
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-9013

    Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the databas...

    Affected Products : ubuntu_linux fedora django
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-6829

    The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access ...

    Affected Products : barclamp-trove crowbar-openstack
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-6523

    Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.

    Affected Products : dotclear
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-6301

    The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8786

    The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

    Affected Products : solaris rabbitmq
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-8858

    The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not c...

    Affected Products : openssh
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-9120

    Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8967

    arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

    Affected Products : android linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-8966

    arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-9920

    steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allow...

    Affected Products : webmail roundcube_webmail
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-9919

    The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.

    Affected Products : linux_kernel
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-8104

    Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.

    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2016-8103

    SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.

    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-8102

    Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.

    Affected Products : wireless_bluetooth_drivers
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-9918

    In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

    Affected Products : bluez bluez
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-9917

    In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

    Affected Products : bluez
    • Published: Dec. 08, 2016
    • Modified: Apr. 12, 2025