Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-12194

    A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the cli... Read more

    Affected Products : spice-gtk
    • EPSS Score: %1.76
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12191

    A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this accoun... Read more

    Affected Products : cloudforms
    • EPSS Score: %0.17
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-12189

    It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-12175

    Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.... Read more

    Affected Products : satellite
    • EPSS Score: %0.47
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-12174

    It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemo... Read more

    • EPSS Score: %20.49
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12173

    It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given u... Read more

    • EPSS Score: %0.47
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-12171

    A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restrict... Read more

    • EPSS Score: %1.54
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12169

    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. ... Read more

    Affected Products : freeipa
    • EPSS Score: %0.22
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-12167

    It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the ... Read more

    • EPSS Score: %0.05
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12165

    It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.... Read more

    • EPSS Score: %1.10
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2017-12164

    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.... Read more

    Affected Products : gnome_display_manager
    • EPSS Score: %0.12
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-12163

    An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a sha... Read more

    • EPSS Score: %27.33
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12161

    It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leadi... Read more

    Affected Products : keycloak keycloak
    • EPSS Score: %0.29
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-12151

    A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker t... Read more

    • EPSS Score: %2.10
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-12150

    It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-t... Read more

    • EPSS Score: %17.79
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-12148

    A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source re... Read more

    Affected Products : cloudforms ansible_tower
    • EPSS Score: %0.45
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12130

    An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to se... Read more

    Affected Products : tinysvcmdns
    • EPSS Score: %0.73
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2017-12129

    An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.08
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12128

    An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vu... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %1.21
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2017-12127

    A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.13
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results