Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2017-15698

    When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was the...

    Affected Products : debian_linux tomcat_native
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15697

    A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x...

    Affected Products : nifi
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15696

    When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration dat...

    Affected Products : geode
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-15695

    When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be res...

    Affected Products : geode
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-15694

    When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of t...

    Affected Products : geode
    • Published: Jun. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15693

    In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote ...

    Affected Products : geode
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15692

    In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on...

    Affected Products : geode
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-15691

    In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of ...

    Affected Products : uimaj uima-as uimafit uimaducc
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-15686

    Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2017-15685

    Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15684

    Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2017-15683

    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-15682

    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15681

    In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-15680

    In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data....

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15665

    In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094....

    Affected Products : diskboss
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15664

    In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121....

    Affected Products : syncbreeze
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15663

    In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120....

    Affected Products : disk_pulse
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15662

    In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123....

    Affected Products : vx_search
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-15656

    Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt....

    Affected Products : asuswrt
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292814 Results