Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2016-4421

    epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies dee... Read more

    Affected Products : wireshark
    • EPSS Score: %0.52
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4420

    The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.11
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4419

    epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.12
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4418

    epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.16
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4417

    Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted pa... Read more

    Affected Products : wireshark
    • EPSS Score: %0.22
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4416

    epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.11
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4415

    wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.39
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8325

    The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted envi... Read more

    • EPSS Score: %0.08
    • Published: May. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2820

    The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-... Read more

    Affected Products : firefox
    • EPSS Score: %0.42
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2817

    The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to cond... Read more

    Affected Products : firefox
    • EPSS Score: %0.40
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2816

    Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.... Read more

    Affected Products : firefox
    • EPSS Score: %0.33
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2814

    Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via... Read more

    Affected Products : firefox firefox_esr
    • EPSS Score: %2.14
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2813

    Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via ... Read more

    Affected Products : android firefox
    • EPSS Score: %0.47
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2812

    Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash... Read more

    Affected Products : firefox
    • EPSS Score: %0.59
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2811

    Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.... Read more

    Affected Products : firefox
    • EPSS Score: %1.74
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-2810

    Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.... Read more

    Affected Products : android firefox
    • EPSS Score: %0.27
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-2809

    The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.... Read more

    Affected Products : firefox windows
    • EPSS Score: %0.45
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2808

    The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out... Read more

    Affected Products : firefox firefox_esr
    • EPSS Score: %0.68
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2807

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss... Read more

    • EPSS Score: %1.32
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2806

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via... Read more

    • EPSS Score: %1.32
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292508 Results