Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-5333

    Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.... Read more

    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-5332

    The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.... Read more

    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-5331

    Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.... Read more

    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-5251

    In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.... Read more

    Affected Products : insteon_hub_firmware insteon_hub
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5250

    In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.... Read more

    Affected Products : insteon_for_hub
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5249

    In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.... Read more

    Affected Products : wink
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-5213

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5212

    Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-5211

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5210

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-5189

    NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.... Read more

    Affected Products : imanager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-5188

    The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.... Read more

    Affected Products : open_build_service
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-5175

    Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.... Read more

    Affected Products : webaccess
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-5170

    An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacke... Read more

    Affected Products : softnvr-ia_live_view
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5133

    Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.... Read more

    Affected Products : debian_linux chrome
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5132

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.... Read more

    Affected Products : debian_linux chrome
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5131

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.... Read more

    Affected Products : debian_linux chrome
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5130

    An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.... Read more

    Affected Products : debian_linux chrome libxml2
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5129

    A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... Read more

    Affected Products : debian_linux chrome
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-5128

    Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.... Read more

    Affected Products : debian_linux chrome
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results