Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-1308

    SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-1307

    The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.... Read more

    • EPSS Score: %0.16
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1305

    Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.... Read more

    • EPSS Score: %0.25
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-1302

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intend... Read more

    • EPSS Score: %0.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1301

    The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, ak... Read more

    • EPSS Score: %0.28
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6398

    Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.... Read more

    Affected Products : gs1900-10hp_firmware nx-os
    • EPSS Score: %0.61
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2016-0813

    packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers t... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2016-0812

    The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows phy... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0811

    Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0810

    media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining ... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0809

    Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted ap... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2016-0808

    Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that trigg... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0807

    The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0806

    The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0805

    The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0804

    The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0803

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0802

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %6.75
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0801

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %46.03
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1311

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.... Read more

    Affected Products : jabber_guest
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results