Latest CVE Feed
- 10.0 HIGH CVE-2018-1000043
  Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This at...
  - Affected Products: squert
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-1000042
  Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This at...
  - Affected Products: squert
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-1000041
  GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through S...
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2018-1000040
  In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
  - Published: May. 24, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-1000039
  In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
  - Affected Products: mupdf
  - Published: May. 24, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-1000038
  In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
  - Affected Products: mupdf
  - Published: May. 24, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2018-1000037
  In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
  - Published: May. 24, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2018-1000036
  In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
  - Published: May. 24, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-1000035
  A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2018-1000034
  An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
  - Affected Products: unzip
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2018-1000033
  An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
  - Affected Products: unzip
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-1000032
  A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
  - Affected Products: unzip
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-1000031
  A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
  - Affected Products: unzip
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 3.6 LOW CVE-2018-1000030
  Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vuln...
  - Published: Feb. 08, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2018-1000029
  mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appears to be exploitable via Payload delivered via t...
  - Affected Products: elsa
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.4 HIGH CVE-2018-1000028
  Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This...
  - Affected Products: linux_kernel
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-1000027
  The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. T...
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.7 HIGH CVE-2018-1000026
  Linux Linux kernel version at least v4.8 onwards, probably well before contains an Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appears to b...
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2018-1000025
  Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID co...
  - Affected Products: firebase_admin_sdk_for_php
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-1000024
  The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack a...
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024