Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-2849

    Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.... Read more

    Affected Products : fedora debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2196

    Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.... Read more

    Affected Products : botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2195

    Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.... Read more

    Affected Products : debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2194

    The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.... Read more

    Affected Products : debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2099

    Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.... Read more

    Affected Products : opensuse xerces-c\+\+
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1580

    The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap... Read more

    Affected Products : ubuntu_linux ubuntu-core-launcher
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1578

    Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.... Read more

    Affected Products : ubuntu_linux oxide
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7827

    Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.... Read more

    Affected Products : fedora debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5727

    The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.... Read more

    Affected Products : debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5726

    The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.... Read more

    Affected Products : debian_linux botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9742

    The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.... Read more

    Affected Products : botan
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2010-5326

    The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 20... Read more

    • Actively Exploited
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2016-4499

    Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.... Read more

    Affected Products : fpwin_pro
    • Published: May. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-4498

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : fpwin_pro
    • Published: May. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-4497

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."... Read more

    Affected Products : fpwin_pro
    • Published: May. 12, 2016
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2016-4496

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.... Read more

    Affected Products : fpwin_pro
    • Published: May. 12, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-1393

    SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.... Read more

    • Published: May. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3712

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3710

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" i... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1236

    Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a rep... Read more

    Affected Products : debian_linux websvn
    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293497 Results