Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-5126

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.... Read more

    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4945

    Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.... Read more

    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4810

    Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.... Read more

    Affected Products : xenapp xendesktop
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-4454

    The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, w... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-4453

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4423

    The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored ... Read more

    Affected Products : debian_linux symfony
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1902

    The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseu... Read more

    Affected Products : debian_linux symfony
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8875

    Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or ... Read more

    Affected Products : debian_linux gdk-pixbuf
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-4432

    The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.... Read more

    Affected Products : qpid_broker-j qpid_java
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3697

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.... Read more

    Affected Products : docker opensuse runc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-3094

    PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught e... Read more

    Affected Products : qpid_broker-j qpid_java
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3088

    The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.... Read more

    Affected Products : activemq
    • Actively Exploited
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3075

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.... Read more

    Affected Products : ubuntu_linux fedora opensuse glibc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2175

    Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.... Read more

    Affected Products : debian_linux pdfbox
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1234

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.... Read more

    Affected Products : fedora leap opensuse glibc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-4500

    Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.... Read more

    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0288

    IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity referen... Read more

    Affected Products : security_appscan
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4785

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4784

    A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4521

    Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293349 Results