Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2017-5385

Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51....

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified...

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2017-5383

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firef...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-5382

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51....

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-5381

The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability aff...

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5380

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-5379

Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51....

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2017-5378

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5377

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51....

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5376

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5375

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51....

Affected Products : firefox firefox_esr thunderbird debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5374

Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51....

Affected Products : firefox
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5373

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects T...

Affected Products : firefox firefox_esr thunderbird debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file....

Affected Products : ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus opensuse +1 more products
Published: Nov. 04, 2019

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable....

Affected Products : ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus opensuse +1 more products
Published: Nov. 04, 2019

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable....

Affected Products : ubuntu_linux debian_linux leap opensuse icoutils
Published: Nov. 04, 2019

Modified: Nov. 21, 2024
8.1

HIGH

CVE-2017-5251

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted....

Affected Products : insteon_hub_firmware insteon_hub
Published: Feb. 22, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5250

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner....

Affected Products : insteon_for_hub
Published: Feb. 22, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5249

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner....

Affected Products : wink
Published: Feb. 22, 2018

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2017-5213

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS)....

Affected Products : open-xchange_appsuite
Published: May. 23, 2019

Modified: Nov. 21, 2024

Showing 20 of 293343 Results

Browse by Apps

Latest CVE Feed

7.5

5.9

5.3

7.5

7.5

9.8

7.5

7.5

9.8

9.8

9.8

9.8

9.8

7.8

7.8

7.8

8.1

9.8

9.8

6.1

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable