Recent

VulDB is the number 1 vulnerability database, documenting more than 89000 vulnerabilities since 1979. A team of experts looks for newly disclosed vulnerabilities on a daily basis. After the technical capabilities have been analyzed, the issue is documented in the database. This makes it possible for administrators and security experts to deal with the fast-moving vulnerability market. The following list shows the latest entries.

Total: 89169
Recent: 3 (48 hours)
Updates: 147 (48 hours)

07/27/2016 XenSource Xen Virtio Request Handler denial of service [CVE-2016-5403]

A vulnerability was found in XenSource Xen 4.4.x/4.5.x/4.6.x/4.7.x. It has been rated as problematic. Affected by this issue is an unknown function of the component Virtio Request Handler. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

07/28/2016 Apache Archiva addProxyConnector_commit.action cross site scripting

A vulnerability was found in Apache Archiva up to 1.3.9. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file admin/addProxyConnector_commit.action. Upgrading to version 2.2.1 eliminates this vulnerability.
75.3% complete

07/28/2016 Apache Archiva addProxyConnector_commit.action cross site request forgery

A vulnerability was found in Apache Archiva up to 1.3.9. It has been classified as problematic. Affected is an unknown function of the file admin/addProxyConnector_commit.action. Upgrading to version 2.2.1 eliminates this vulnerability.
75.8% complete

07/21/2016 Apache OpenOffice Impress File Handler buffer overflow [CVE-2016-1513]

A vulnerability was found in Apache OpenOffice up to 4.1.2 and classified as critical. This issue affects an unknown function of the component Impress File Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at bz.apache.org.
76.8% complete

07/26/2016 IBM AIX TLS information disclosure [CVE-2016-0266]

A vulnerability has been found in IBM AIX 5.3/6.1/7.1/7.2 and classified as critical. This vulnerability affects an unknown function of the component TLS. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.8% complete

07/26/2016 IBM AIX TLS weak authentication [CVE-2015-7575]

A vulnerability, which was classified as critical, was found in IBM AIX 5.3/6.1/7.1/7.2. This affects an unknown function of the component TLS. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.8% complete

07/26/2016 IBM DB2 LUW Spectrum Scale GUI Password information disclosure

A vulnerability, which was classified as critical, has been found in IBM DB2 10.1/10.5/11.1. Affected by this issue is an unknown function of the component LUW Spectrum Scale GUI. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/26/2016 IBM WebSphere Portal cross site scripting [CVE-2016-2925]

A vulnerability classified as problematic was found in IBM WebSphere Portal 6.1/7.0.0.2/8.0.0.1/8.5. Affected by this vulnerability is an unknown function. Applying the patch APAR PI62749 is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

07/28/2016 Rockwell FactoryTalk EnergyMetrix Logout Handler privilege escalation

A vulnerability classified as critical has been found in Rockwell FactoryTalk EnergyMetrix up to 2.19. Affected is an unknown function of the component Logout Handler. Upgrading to version 2.20.00 eliminates this vulnerability.
71.2% complete

07/28/2016 Rockwell FactoryTalk EnergyMetrix sql injection [CVE-2016-4522]

A vulnerability was found in Rockwell FactoryTalk EnergyMetrix up to 2.19. It has been rated as critical. This issue affects an unknown function. Upgrading to version 2.20.00 eliminates this vulnerability.
70.2% complete

07/28/2016 Cisco Videoscape Session Resource Manager Flooding denial of service

A vulnerability was found in Cisco Videoscape Session Resource Manager (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown function. It is possible to mitigate the weakness by firewalling .
71.7% complete

07/28/2016 Cisco Nexus 1000V Discovery Protocol Packet Handler Out-of-Bounds buffer

A vulnerability was found in Cisco Nexus 1000V up to 5.2. It has been classified as critical. This affects an unknown function of the component Discovery Protocol Packet Handler. Upgrading to version 5.2(1)SV3(1.5i) eliminates this vulnerability.
73.7% complete

07/28/2016 Cisco FireSIGHT System Software Snort Rule Handler privilege escalation

A vulnerability was found in Cisco FireSIGHT System Software 5.3.0/5.3.1/5.4.0/6.0/6.0.1 and classified as critical. Affected by this issue is an unknown function of the component Snort Rule Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
72.7% complete

07/28/2016 Cisco Prime Service Catalog Web Management Interface cross site scripting

A vulnerability has been found in Cisco Prime Service Catalog 11.0 and classified as problematic. Affected by this vulnerability is an unknown function of the component Web Management Interface. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
71.7% complete

07/28/2016 Cisco Wireless LAN Controller Wireless Management Frame Handler denial of

A vulnerability, which was classified as problematic, was found in Cisco Wireless LAN Controller 7.4(121.0)/8.0(0.30220.385). Affected is an unknown function of the component Wireless Management Frame Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
71.2% complete

07/28/2016 Cisco Unified Computing System Web Framework privilege escalation

A vulnerability, which was classified as critical, has been found in Cisco Unified Computing System up to 2.0.0. This issue affects an unknown function of the component Web Framework. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
72.2% complete

07/26/2016 cronic cronic.trace.$$ privilege escalation

A vulnerability classified as problematic was found in cronic. This vulnerability affects an unknown function of the file cronic.out.$$/cronic.err.$$/cronic.trace.$$. Upgrading to version 3 eliminates this vulnerability.
72.2% complete

07/26/2016 Cavium SDK RSA-CRT Side-Channel information disclosure

A vulnerability classified as problematic has been found in Cavium SDK 2.x on OCTEON II CN6xxx. This affects an unknown function of the component RSA-CRT. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
74.7% complete

07/26/2016 XenSource Xen SMAP Safety Check Crash denial of service

A vulnerability was found in XenSource Xen 4.5.x/4.6.x/4.7.x. It has been rated as problematic. Affected by this issue is an unknown function of the component SMAP Safety Check. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
78.8% complete

07/26/2016 XenSource Xen PV Pagetable Updater privilege escalation [CVE-2016-6258]

A vulnerability was found in XenSource Xen 4.3.x/4.4.x/4.5.x/4.6.x/4.7.x. It has been declared as critical. Affected by this vulnerability is an unknown function of the component PV Pagetable Updater. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 MIT Kerberos 5 KDC Service validate_as_request() denial of service

A vulnerability was found in MIT Kerberos 5 up to 1.14.2. It has been classified as problematic. Affected is the function validate_as_request() of the component KDC Service. Upgrading to version 1.14.3 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/25/2016 Perl Module Loader privilege escalation [CVE-2016-1238]

A vulnerability was found in Perl up to 5.22.3-RC1/5.24.1-RC1 and classified as problematic. This issue affects an unknown function of the component Module Loader. Upgrading to version 5.22.3-RC2 or 5.24.1-RC2 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/25/2016 International Components for Unicode uloc.cpp uloc_acceptLanguageFromHTTP

A vulnerability, which was classified as critical, was found in International Components for Unicode up to 57.1. This affects the function uloc_acceptLanguageFromHTTP of the file common/uloc.cpp. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
71.2% complete

07/26/2016 CA eHealth privilege escalation [CVE-2016-6152]

A vulnerability was found in CA eHealth up to 6.2.x/6.3.2.12. It has been classified as critical. This affects an unknown function. Upgrading to version 6.3.2.13 eliminates this vulnerability.
70.7% complete

07/26/2016 CA eHealth privilege escalation [CVE-2016-6151]

A vulnerability was found in CA eHealth 6.2.x and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
69.7% complete

07/15/2016 Linux Kernel mb86a20s.c mb86a20s_read_status denial of service

A vulnerability has been found in Linux Kernel (the affected version is unknown) and classified as problematic. Affected by this vulnerability is the function mb86a20s_read_status of the file drivers/media/dvb-frontends/mb86a20s.c. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.linuxtv.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
78.8% complete

07/13/2016 OX Software Open-Xchange OX Documents Spreadsheet Handler cross site scripting

A vulnerability was found in OX Software Open-Xchange up to 7.8.1 and classified as problematic. Affected by this issue is an unknown function of the component OX Documents Spreadsheet Handler. Upgrading to version 7.6.2-rev15, 7.6.3-rev3, 7.8.0-rev9 or 7.8.1-rev9 eliminates this vulnerability.
74.7% complete

07/13/2016 OX Software Open-Xchange Adobe Flash File Handler cross site scripting

A vulnerability has been found in OX Software Open-Xchange up to 7.8.1 and classified as problematic. Affected by this vulnerability is an unknown function of the component Adobe Flash File Handler. Upgrading to version 7.6.2-rev55, 7.6.3-rev12, 7.8.0-rev32 or 7.8.1-rev14 eliminates this vulnerability.
74.7% complete

07/13/2016 OX Software Open-Xchange Image Handler cross site scripting [CVE-2016-5124]

A vulnerability, which was classified as problematic, was found in OX Software Open-Xchange up to 7.8.1. Affected is an unknown function of the component Image Handler. Upgrading to version 7.6.2-rev44, 7.6.3-rev13, 7.8.0-rev25 or 7.8.1-rev12 eliminates this vulnerability.
75.3% complete

07/08/2016 Apache Archiva Header Handler denial of service [CVE-2016-5004]

A vulnerability, which was classified as problematic, has been found in Apache Archiva (the affected version is unknown). This issue affects an unknown function of the component Header Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
73.2% complete

07/08/2016 Apache Archiva Deserialize Handler privilege escalation [CVE-2016-5003]

A vulnerability classified as critical was found in Apache Archiva (the affected version is unknown). This vulnerability affects an unknown function of the component Deserialize Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
72.2% complete

07/08/2016 Apache Archiva XML DTD Handler Connection privilege escalation

A vulnerability classified as critical has been found in Apache Archiva (the affected version is unknown). This affects an unknown function of the component XML DTD Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
76.8% complete

07/13/2016 Palo Alto PAN-OS root_reboot privilege escalation

A vulnerability was found in Palo Alto PAN-OS up to 5.0.18/5.1.11/6.0.13/6.1.11/7.0.7 and classified as problematic. Affected by this issue is the function root_reboot. Upgrading to version 5.0.19, 5.1.12, 6.0.14, 6.1.12 or 7.0.8 eliminates this vulnerability.
76.8% complete

07/22/2016 libarchive ISO9660 Archive Handler iso9660.c isoent_gen_joliet_identifier

A vulnerability has been found in libarchive up to 3.2.0 and classified as critical. Affected by this vulnerability is the function isoent_gen_joliet_identifier of the file iso9660.c of the component ISO9660 Archive Handler. Upgrading to version 3.2.1 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation was published before, not after, the disclosure of the vulnerability.
80.8% complete

07/20/2016 Google Chrome privilege escalation [CVE-2016-1705]

A vulnerability, which was classified as critical, was found in Google Chrome up to 52.0.2743. Affected is an unknown function. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/20/2016 Google Chrome HSTS/CSP History information disclosure

A vulnerability, which was classified as problematic, has been found in Google Chrome up to 52.0.2743. This issue affects an unknown function of the component HSTS/CSP. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Extension Use-After-Free buffer overflow

A vulnerability classified as critical was found in Google Chrome up to 52.0.2743. This vulnerability affects an unknown function of the component Extension. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Content Security Policy privilege escalation [CVE-2016-5135]

A vulnerability classified as critical has been found in Google Chrome up to 52.0.2743. This affects an unknown function of the component Content Security Policy. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/20/2016 Google Chrome PAC Script URL information disclosure

A vulnerability was found in Google Chrome up to 52.0.2743. It has been rated as problematic. Affected by this issue is an unknown function of the component PAC Script. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
78.3% complete

07/20/2016 Google Chrome Proxy Authentication Origin privilege escalation

A vulnerability was found in Google Chrome up to 52.0.2743. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Proxy Authentication. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Service Worker Same-Origin Policy privilege escalation

A vulnerability was found in Google Chrome up to 52.0.2743. It has been classified as critical. Affected is an unknown function of the component Service Worker. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome libxml Use-After-Free buffer overflow

A vulnerability was found in Google Chrome up to 52.0.2743 and classified as critical. This issue affects an unknown function of the component libxml. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome URL Handler spoofing [CVE-2016-5130]

A vulnerability has been found in Google Chrome up to 52.0.2743 and classified as critical. This vulnerability affects an unknown function of the component URL Handler. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/20/2016 Google Chrome v8 buffer overflow [CVE-2016-5129]

A vulnerability, which was classified as critical, was found in Google Chrome up to 52.0.2743. This affects an unknown function of the component v8. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/20/2016 Google Chrome v8 Same-Origin Policy privilege escalation

A vulnerability, which was classified as critical, has been found in Google Chrome up to 52.0.2743. Affected by this issue is an unknown function of the component v8. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.3% complete

07/20/2016 Google Chrome Blink Use-After-Free buffer overflow

A vulnerability classified as critical was found in Google Chrome up to 52.0.2743. Affected by this vulnerability is an unknown function of the component Blink. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Blink Same-Origin Policy privilege escalation

A vulnerability classified as critical has been found in Google Chrome up to 52.0.2743. Affected is an unknown function of the component Blink. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Blink Same-Origin Policy privilege escalation

A vulnerability was found in Google Chrome up to 52.0.2743. It has been rated as critical. This issue affects an unknown function of the component Blink. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Sfntly Heap-based buffer overflow

A vulnerability was found in Google Chrome up to 52.0.2743. It has been declared as critical. This vulnerability affects an unknown function of the component Sfntly. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete

07/20/2016 Google Chrome Extension Handler Use-After-Free buffer overflow

A vulnerability was found in Google Chrome up to 52.0.2743. It has been classified as critical. This affects an unknown function of the component Extension Handler. Upgrading to version 52.0.2743.82 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
77.8% complete