Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2017-7434

    In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.

    Affected Products : identity_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-7429

    The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

    Affected Products : edirectory edirectory
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-7427

    Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application...

    Affected Products : identity_manager
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2017-7426

    The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

    Affected Products : identity_manager
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-7419

    An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to an unescaped "description" field that could be specified by the provider.

    Affected Products : access_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-7399

    Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

    Affected Products : cloudera_manager
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-7376

    Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

    Affected Products : android debian_linux libxml2
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-7375

    A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a...

    Affected Products : android debian_linux libxml2
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-7351

    A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.

    Affected Products : redcap redcap
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-7342

    A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...

    Affected Products : fortiportal
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-7340

    A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.

    Affected Products : fortiportal
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-7327

    Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

    Affected Products : yandex_browser
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-7326

    Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page...

    Affected Products : yandex_browser
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-7325

    Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

    Affected Products : yandex_browser
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-7252

    bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

    Affected Products : botan
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-7189

    main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security ri...

    Affected Products : php
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-7173

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-7172

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is af...

    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-7171

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execut...

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-7170

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results