Latest CVE Feed

Following is the list of the most recently published vulnerabilities. You can filter it by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable, and sort it by published date, last updated date, or CVSS score. Note that a KEV listing records evidence of exploitation in the wild and is independent of the CVSS rating: a MEDIUM entry that is on the KEV list usually deserves earlier attention than a CRITICAL one that is not.
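To make the filtering and sorting described above reproducible outside the web UI, here is an added example (not code from this site) that parses entries in the same plain-text layout as the feed below and applies the same controls. The sample feed text is constructed from three of the entries on this page; the KEV filter takes a caller-supplied set of CVE ids because the feed text itself carries no KEV flag, and the `select` function and its parameter names are assumptions of this example.

```python
import re
from datetime import date, datetime

# Constructed sample in the same layout as the feed entries on this page
# (score bullet, severity, CVE id, description, optional products line, dates).
SAMPLE_FEED = """\
  • 6.5

    MEDIUM
    CVE-2017-2668

    389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. ...

    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-2667

    Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings ...

    Affected Products : satellite satellite_capsule hammer_cli
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-2640

    An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. ...

    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
"""

ENTRY_RE = re.compile(r"^\s*•\s*(\d+(?:\.\d+)?)\s*$")   # "  • 6.5" opens an entry
SEVERITY_RE = re.compile(r"^(LOW|MEDIUM|HIGH|CRITICAL)$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
PRODUCTS_RE = re.compile(r"^Affected Products\s*:\s*(.*)$")
DATE_RE = re.compile(r"^•\s*(Published|Modified):\s*(.+)$")


def parse_feed_date(text: str) -> date:
    """'Jun. 22, 2018' -> date(2018, 6, 22); the feed abbreviates months with a trailing dot."""
    return datetime.strptime(text.strip(), "%b. %d, %Y").date()


def parse_feed(text: str) -> list:
    """Turn the feed's card layout into one dict per CVE."""
    entries = []
    cur = None
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            cur = {"cvss": float(m.group(1)), "severity": None, "cve": None,
                   "description": [], "products": [], "published": None, "modified": None}
            entries.append(cur)
            continue
        line = raw.strip()
        if cur is None or not line:
            continue
        if SEVERITY_RE.match(line):
            cur["severity"] = line
        elif CVE_RE.match(line):
            cur["cve"] = line
        elif (m := PRODUCTS_RE.match(line)):
            cur["products"] = m.group(1).split()
        elif (m := DATE_RE.match(line)):
            cur[m.group(1).lower()] = parse_feed_date(m.group(2))
        else:
            cur["description"].append(line)      # anything else is description text
    for e in entries:
        e["description"] = " ".join(e["description"])
    return entries


def select(entries, *, min_cvss=0.0, severities=None, kev_ids=None,
           sort_by="cvss", descending=True):
    """Filter and sort the way the feed's controls do (assumed interface).

    kev_ids: optional set of CVE ids known to be actively exploited. The feed text
    carries no KEV flag, so the caller supplies the set (e.g. parsed from CISA's
    catalog; nothing is fetched here). sort_by is "cvss", "published" or "modified".
    """
    out = [e for e in entries
           if e["cvss"] >= min_cvss
           and (severities is None or e["severity"] in severities)
           and (kev_ids is None or e["cve"] in kev_ids)]
    return sorted(out, key=lambda e: e[sort_by], reverse=descending)


if __name__ == "__main__":
    for e in select(parse_feed(SAMPLE_FEED), min_cvss=8.0):
        print(f'{e["cve"]}  {e["cvss"]:>4}  {e["severity"]:<8} published {e["published"]}')
```

Sorting by `published` on a feed like this one is the more useful default for triage: the `Modified` dates above are all identical (a bulk re-score), so "last updated" tells you nothing about which entries are new.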
  • CVE-2017-2668 | CVSS 6.5 | MEDIUM
    389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind req...
    Published: Jun. 22, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2667 | CVSS 8.1 | HIGH
    Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings, which disables verification by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle att...
    Affected products: satellite, satellite_capsule, hammer_cli
    Published: Mar. 12, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2666 | CVSS 6.5 | MEDIUM
    It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data...
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2665 | CVSS 7.0 | HIGH
    The skyring-setup command creates a random password for the mongodb skyring database but writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user who has access to the system running skyring se...
    Affected products: storage_console, mongodb
    Published: Jul. 06, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2664 | CVSS 6.5 | MEDIUM
    CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of C...
    Published: Jul. 26, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2663 | CVSS 8.2 | HIGH
    It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged users access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to privat...
    Affected products: subscription-manager
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2662 | CVSS 4.3 | MEDIUM
    A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repo...
    Affected products: katello, subscription_asset_manager
    Published: Aug. 22, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2661 | CVSS 6.1 | MEDIUM
    ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of the Node name field when creating a new cluster or adding an existing cluster.
    Affected products: pcs
    Published: Mar. 12, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2659 | CVSS 7.5 | HIGH
    It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password att...
    Affected products: dropbear_ssh
    Published: Mar. 21, 2019 | Modified: Nov. 21, 2024
  • CVE-2017-2658 | CVSS 6.5 | MEDIUM
    It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An a...
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2654 | CVSS 5.3 | MEDIUM
    jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugin is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful buil...
    Affected products: email_extension
    Published: Aug. 06, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2653 | CVSS 6.5 | MEDIUM
    A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. ...
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2652 | CVSS 9.0 | HIGH
    It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permiss...
    Affected products: distributed_fork
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2651 | CVSS 4.3 | MEDIUM
    jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who ...
    Affected products: mailer
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2650 | CVSS 8.5 | HIGH
    It was found that the use of the Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.
    Affected products: pipeline_classpath_step
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2649 | CVSS 8.1 | HIGH
    It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
    Affected products: active_directory
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2648 | CVSS 6.8 | MEDIUM
    It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
    Affected products: ssh_slaves
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2646 | CVSS 7.5 | HIGH
    It was found that when Keycloak before 2.5.5 receives a Logout request with an Extensions element in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
    Affected products: keycloak
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2640 | CVSS 9.8 | CRITICAL
    An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
  • CVE-2017-2639 | CVSS 7.5 | HIGH
    It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenS...
    Published: Jul. 27, 2018 | Modified: Nov. 21, 2024
Showing 20 of 293284 Results
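The CVE-2017-2666 entry above describes the general shape of a request-line smuggling bug: one parser tolerates bytes the grammar forbids, a proxy in front tolerates them differently, and the two end up framing the request differently. The following added example (not Undertow's code and not a reproduction of that bug) puts a lenient, whitespace-splitting parser next to one that enforces the RFC 7230 request-line grammar, and runs constructed request lines through both. The validator accepts only origin-form targets; the sample lines and the `compare` helper are this example's own.

```python
import re

# RFC 7230 request-line pieces, written out so nothing else gets through:
#   method = token (tchar+)
#   request-target = origin-form only here: absolute-path [ "?" query ]
#   HTTP-version = "HTTP/" DIGIT "." DIGIT
METHOD_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
PCHAR = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})"
TARGET_RE = re.compile(r"^(?:/" + PCHAR + r"*)+(?:\?(?:" + PCHAR + r"|[/?])*)?$")
VERSION_RE = re.compile(r"^HTTP/[0-9]\.[0-9]$")


class BadRequestLine(ValueError):
    pass


def lenient_parse(raw: bytes):
    """The permissive style that enables smuggling: any ASCII whitespace separates
    fields, a bare LF ends the line, and control bytes ride along inside the target."""
    parts = raw.decode("latin-1").rstrip("\r\n").split()
    if len(parts) != 3:
        raise BadRequestLine("expected method, target and version")
    return tuple(parts)


def strict_parse(raw: bytes):
    """Accept only what the grammar allows; anything else is rejected outright
    rather than repaired, so a front proxy and this parser cannot disagree."""
    if not raw.endswith(b"\r\n"):
        raise BadRequestLine("request line must end with CRLF")
    line = raw[:-2]
    if any(b < 0x20 or b > 0x7E for b in line):
        raise BadRequestLine("control or non-ASCII byte in request line")
    parts = line.decode("ascii").split(" ")
    if len(parts) != 3 or not all(parts):
        raise BadRequestLine("fields must be separated by exactly one SP")
    method, target, version = parts
    if not METHOD_RE.match(method):
        raise BadRequestLine(f"invalid method {method!r}")
    if not TARGET_RE.match(target):
        raise BadRequestLine(f"invalid request-target {target!r}")
    if not VERSION_RE.match(version):
        raise BadRequestLine(f"invalid HTTP-version {version!r}")
    return method, target, version


def compare(raw: bytes):
    """Return (lenient_result, strict_result); None where that parser rejects the line."""
    results = []
    for parser in (lenient_parse, strict_parse):
        try:
            results.append(parser(raw))
        except BadRequestLine:
            results.append(None)
    return tuple(results)


# Constructed request lines; all but the first are ones a lenient parser silently repairs.
SAMPLES = [
    b"GET /index.html?q=1 HTTP/1.1\r\n",  # well formed
    b"GET /a\tHTTP/1.1\r\n",               # tab instead of SP
    b"GET /a\x0bHTTP/1.1\r\n",             # VT: whitespace to str.split(), target data to an SP-only splitter
    b"GET /a HTTP/1.1\n",                  # bare LF terminator
    b"GET /%zz HTTP/1.1\r\n",              # malformed percent-encoding
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", compare(raw))
```

The vertical-tab line is the instructive one: `str.split()` treats `\x0b` as a field separator, so the lenient parser sees a target of `/a`, while a component that splits only on SP sees a target of `/a<VT>HTTP/1.1` and no version at all. Whichever side is "right", two components framing the same bytes differently is the precondition for injecting data, which is why the strict parser rejects rather than normalizes.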
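Four entries above (CVE-2017-2667, CVE-2017-2649, CVE-2017-2648 and CVE-2017-2639) are the same mistake in different clients: the connection is encrypted, but nothing checks who is on the other end, either because verification is off entirely or because a custom CA is trusted and the hostname check is dropped along the way. The added example below (not code from any of those projects) shows the insecure client configuration beside a hardened one in Python's `ssl` module, an audit function that flags the weak settings, and a check that the hardened context refuses to wrap a socket without a hostname to verify. The `cafile` parameter is a hypothetical path the caller would supply; no network connection is made.

```python
import socket
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern behind the 'certificates not verified' entries: chain validation
    and hostname matching both switched off, so any certificate, self-signed or issued
    to someone else, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """cafile: optional path to a private CA bundle (hypothetical, supplied by the caller).
    Trusting a custom CA changes which chains validate; it must not turn off the check
    that the certificate's name matches the host being contacted (the CVE-2017-2639 pattern)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets these; restate them so a later edit cannot silently regress.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return the settings a reviewer would flag, as strings; empty means no findings."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode != CERT_REQUIRED: server chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate name is not matched against the target host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS < 1.2")
    return findings


def refuses_unnamed_peer(ctx: ssl.SSLContext) -> bool:
    """True if the context will not even wrap a socket without a server_hostname to check
    against. This is the property a disabled check_hostname gives up. No connection is made;
    the wrap of an unconnected socket only sets up the SSL object."""
    sock = socket.socket()
    try:
        wrapped = ctx.wrap_socket(sock)
    except ValueError:                # "check_hostname requires server_hostname"
        sock.close()
        return True
    wrapped.close()
    return False


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()), ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or "ok", "refuses unnamed peer:", refuses_unnamed_peer(ctx))
```

When a client library exposes a single `verify_ssl`-style flag, check what it maps to: turning it off in most stacks disables both chain validation and the hostname check at once, and there is rarely a legitimate reason to do either in production. Pin the private CA instead, and keep hostname checking on.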
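The CVE-2017-2665 entry is a reminder that a secret written to a root-owned file is only as protected as the file's mode bits. The added example below (not skyring's code) shows the check a reviewer would run against such a file and the way to create it so that it is never readable by other local users, not even for the instant between write and chmod. The temp directory, file names and the password string are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_secret_file(path: str) -> list:
    """Report permission bits that let users other than the owner read or change a file
    holding credentials (the 'owned by root but readable by local users' pattern)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings


def write_secret_file(path: str, content: str) -> None:
    """Create the file as 0600 from the first instant rather than write-then-chmod: the
    umask can only remove bits from 0600, and O_EXCL refuses a pre-existing path
    (including a symlink a local user planted) instead of following it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)


def demo() -> tuple:
    """Constructed comparison in a temp dir: the naive write beside the careful one.
    Returns (findings for the naive file, findings for the careful file)."""
    d = tempfile.mkdtemp()
    secret = "[mongodb]\npassword = example-not-a-real-secret\n"   # constructed content
    naive = os.path.join(d, "skyring.conf")                         # name borrowed from the entry
    with open(naive, "w") as f:
        f.write(secret)
    os.chmod(naive, 0o644)   # what a plain open() yields under the usual umask of 022
    careful = os.path.join(d, "skyring.conf.new")
    write_secret_file(careful, secret)
    return audit_secret_file(naive), audit_secret_file(careful)


if __name__ == "__main__":
    before, after = demo()
    print("naive  :", before or "ok")
    print("careful:", after or "ok")
```

For an installer like the one in the entry, the same check belongs in the post-install test suite: stat the generated config and fail the build if any group or other bits are set, so the regression cannot reappear quietly in a later release.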