Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2017-15132

    A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused ...

    Affected Products : ubuntu_linux debian_linux dovecot
    • EPSS Score: 1.30%
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-15131

    It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux....

    Affected Products : enterprise_linux xdg-user-dirs
    • EPSS Score: 0.12%
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2017-15130

    A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart....

    Affected Products : ubuntu_linux debian_linux dovecot
    • EPSS Score: 1.26%
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2017-15129

    A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_i...

    • EPSS Score: 0.07%
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-15128

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG)....

    • EPSS Score: 0.05%
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-15127

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)....

    • EPSS Score: 0.04%
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-15126

    A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be remo...

    Affected Products : linux_kernel
    • EPSS Score: 1.15%
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-15125

    A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administr...

    • EPSS Score: 0.25%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-15124

    VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC ser...

    Affected Products : qemu
    • EPSS Score: 0.80%
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2017-15123

    A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including dat...

    Affected Products : cloudforms_management_engine
    • EPSS Score: 0.24%
    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15120

    An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote att...

    Affected Products : debian_linux recursor
    • EPSS Score: 0.57%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2017-15119

    The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could...

    • EPSS Score: 1.77%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15118

    A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write...

    Affected Products : ubuntu_linux enterprise_linux qemu
    • EPSS Score: 2.31%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2017-15113

    ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are sh...

    Affected Products : virtualization ovirt
    • EPSS Score: 0.34%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-15112

    keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users....

    Affected Products : keycloak-httpd-client-install
    • EPSS Score: 0.05%
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-15111

    keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link....

    Affected Products : keycloak-httpd-client-install
    • EPSS Score: 0.06%
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-15108

    spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed....

    Affected Products : debian_linux spice-vdagent
    • EPSS Score: 0.14%
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15107

    A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist....

    Affected Products : dnsmasq
    • EPSS Score: 0.02%
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2017-15105

    A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into acc...

    Affected Products : ubuntu_linux debian_linux unbound
    • EPSS Score: 0.68%
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15101

    A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution....

    • EPSS Score: 0.32%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292212 Results