Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12181

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.84
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12180

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12179

    xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.84
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12178

    xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12177

    xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12176

    xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-12175

    Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.... Read more

    Affected Products : satellite
    • EPSS Score: %0.47
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-12174

    It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemo... Read more

    • EPSS Score: %20.49
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12173

    It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given u... Read more

    • EPSS Score: %0.47
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-12171

    A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restrict... Read more

    • EPSS Score: %1.54
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12169

    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. ... Read more

    Affected Products : freeipa
    • EPSS Score: %0.22
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-12167

    It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the ... Read more

    • EPSS Score: %0.05
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12165

    It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.... Read more

    • EPSS Score: %1.10
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2017-12164

    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.... Read more

    Affected Products : gnome_display_manager
    • EPSS Score: %0.12
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-12163

    An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a sha... Read more

    • EPSS Score: %27.33
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12161

    It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leadi... Read more

    Affected Products : keycloak keycloak
    • EPSS Score: %0.29
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-12151

    A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker t... Read more

    • EPSS Score: %2.10
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-12150

    It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-t... Read more

    • EPSS Score: %17.79
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-12148

    A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source re... Read more

    Affected Products : cloudforms ansible_tower
    • EPSS Score: %0.45
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12130

    An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to se... Read more

    Affected Products : tinysvcmdns
    • EPSS Score: %0.73
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results