Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-18268

    Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the... Read more

    Affected Products : symantec_intelligencecenter
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18267

    The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.... Read more

    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18266

    The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL... Read more

    Affected Products : ubuntu_linux debian_linux xdg-utils
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18265

    Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger... Read more

    Affected Products : debian_linux prosody
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18264

    An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5... Read more

    Affected Products : debian_linux phpmyadmin
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18263

    Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.... Read more

    • Published: Apr. 28, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18262

    Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?r... Read more

    Affected Products : blackboard_learn
    • Published: Apr. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18261

    The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demo... Read more

    Affected Products : linux_kernel
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18260

    Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18259

    Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18258

    The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimat... Read more

    Affected Products : libxml2 nokogiri
    • Published: Apr. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18257

    The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18256

    Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.... Read more

    Affected Products : brave_browser
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18255

    The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an in... Read more

    Affected Products : linux_kernel
    • Published: Mar. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18254

    An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18253

    An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18252

    An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18251

    An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18250

    An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-18249

    The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292797 Results