Latest CVE Feed
-
7.8
HIGH CVE-2017-18222
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have...
Affected Products: linux_kernel
- Published: Mar. 08, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-18221
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
Affected Products: linux_kernel
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-18220
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related is...
Affected Products: graphicsmagick
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2017-18219
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png...
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2017-18218
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xm...
Affected Products: linux_kernel
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2017-18217
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view....
Affected Products: invoiceplane
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-18216
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
Affected Products: linux_kernel
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-18215
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
- Published: Mar. 04, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2017-18213
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
Affected Products: exponent_cms
- Published: Mar. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
Affected Products: jerryscript
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-18211
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-18210
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
Affected Products: imagemagick
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-18209
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-18208
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
Affected Products: linux_kernel
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor...
Affected Products: python
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2017-18205
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-18204
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
Affected Products: linux_kernel
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
4.7
MEDIUM CVE-2017-18203
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
Affected Products: linux_kernel
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024