Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-15137

    The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-15136

    When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.... Read more

    Affected Products : satellite
    • EPSS Score: %0.23
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-15135

    It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the... Read more

    Affected Products : 389_directory_server
    • EPSS Score: %2.07
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-15134

    A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd cr... Read more

    • EPSS Score: %1.70
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-15133

    A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.... Read more

    Affected Products : miekg-dns
    • EPSS Score: %0.67
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-15132

    A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused ... Read more

    Affected Products : ubuntu_linux debian_linux dovecot
    • EPSS Score: %1.30
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-15131

    It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.... Read more

    Affected Products : enterprise_linux xdg-user-dirs
    • EPSS Score: %0.12
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-15130

    A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.... Read more

    Affected Products : ubuntu_linux debian_linux dovecot
    • EPSS Score: %1.26
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2017-15129

    A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_i... Read more

    • EPSS Score: %0.07
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-15128

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).... Read more

    • EPSS Score: %0.05
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-15127

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).... Read more

    • EPSS Score: %0.04
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-15126

    A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be remo... Read more

    Affected Products : linux_kernel
    • EPSS Score: %1.15
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-15125

    A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administr... Read more

    • EPSS Score: %0.25
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-15124

    VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC ser... Read more

    Affected Products : qemu
    • EPSS Score: %0.80
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-15123

    A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including dat... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.24
    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-15120

    An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote att... Read more

    Affected Products : debian_linux recursor
    • EPSS Score: %0.57
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2017-15119

    The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could... Read more

    • EPSS Score: %1.77
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15118

    A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write... Read more

    Affected Products : ubuntu_linux enterprise_linux qemu
    • EPSS Score: %2.31
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-15113

    ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are sh... Read more

    Affected Products : virtualization ovirt
    • EPSS Score: %0.34
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-15112

    keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.... Read more

    Affected Products : keycloak-httpd-client-install
    • EPSS Score: %0.05
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291890 Results