Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2017-7760

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Moz...

Affected Products : firefox firefox_esr windows
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. O...

Affected Products : android firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7757

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thun...

Affected Products : firefox firefox_esr thunderbird debian_linux
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird debian_linux
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2017-7755

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Window...

Affected Products : firefox firefox_esr thunderbird windows
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. Th...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox <...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7671

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump....

Affected Products : debian_linux traffic_server
Published: Feb. 27, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chun...

Affected Products : debian_linux hci_management_node solidfire snapcenter e-series_santricity_os_controller e-series_santricity_web_services snapmanager retail_xstore_point_of_service jetty snap_creator_framework +10 more products
Published: Jun. 26, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thu...

Affected Products : debian_linux oncommand_unified_manager snapcenter e-series_santricity_os_controller e-series_santricity_web_services element_software snapmanager retail_xstore_point_of_service element_software_management_node jetty +8 more products
Published: Jun. 26, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a v...

Affected Products : debian_linux jetty
Published: Jun. 26, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7655

In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library....

Affected Products : debian_linux mosquitto
Published: Mar. 27, 2019

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7654

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker....

Affected Products : debian_linux mosquitto
Published: Jun. 05, 2018

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which ...

Affected Products : debian_linux mosquitto
Published: Jun. 05, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file d...

Affected Products : debian_linux mosquitto
Published: Apr. 25, 2018

Modified: Nov. 21, 2024

Showing 20 of 293555 Results

Browse by Apps

Latest CVE Feed

7.8

7.5

9.1

9.8

9.8

7.8

7.5

9.1

8.8

9.8

9.8

9.8

7.5

9.8

9.8

7.5

7.5

7.5

5.3

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable