Latest CVE Feed
-
10.0
HIGH
CVE-2015-8812
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
- Published: Apr. 27, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUM
CVE-2015-7515
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
Affected Products: linux_kernel
- Published: Apr. 27, 2016
- Modified: Apr. 12, 2025
-
6.2
MEDIUM
CVE-2015-1339
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
Affected Products: linux_kernel, suse_linux_enterprise_real_time_extension, suse_linux_enterprise_debuginfo
- Published: Apr. 27, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICAL
CVE-2016-4002
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary co...
- Published: Apr. 26, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGH
CVE-2016-3082
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Affected Products: struts
- Published: Apr. 26, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGH
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
- Published: Apr. 26, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICAL
CVE-2016-3074
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
- Published: Apr. 26, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGH
CVE-2016-1601
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecifie...
- Published: Apr. 26, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGH
CVE-2016-2346
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
Affected Products: pl\/sql_developer
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging...
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
9.0
HIGH
CVE-2016-2332
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGH
CVE-2016-2331
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGH
CVE-2016-1202
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
2.6
LOW
CVE-2016-1185
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
Affected Products: kintone
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGH
CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUM
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGH
CVE-2016-4052
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGH
CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-8852
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with...
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUM
CVE-2016-4085
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string...
- Published: Apr. 25, 2016
- Modified: Apr. 12, 2025