Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-4049

    The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.... Read more

    Affected Products : leap opensuse quagga
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-4037

    The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-201... Read more

    Affected Products : ubuntu_linux fedora debian_linux qemu
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-4001

    Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.... Read more

    Affected Products : ubuntu_linux fedora debian_linux qemu
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3959

    The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public k... Read more

    Affected Products : fedora leap go
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3958

    Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.... Read more

    Affected Products : go
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-3664

    Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : mobile_security mobile_security
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2855

    The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.... Read more

    Affected Products : mobile_broadband_hl_service
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8558

    The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.... Read more

    Affected Products : debian_linux qemu
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4951

    The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impa... Read more

    Affected Products : linux_kernel ubuntu_linux linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4913

    The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unsp... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4805

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a networ... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4794

    Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-4581

    fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mo... Read more

    Affected Products : linux_kernel ubuntu_linux linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4580

    The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Requ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-4578

    sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-4569

    The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer inte... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4568

    drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call... Read more

    Affected Products : linux_kernel
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4565

    The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interfac... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-4558

    The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4557

    The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF i... Read more

    Affected Products : linux_kernel
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293612 Results