Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-14308

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14301

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14293

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14291

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14287

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14284

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurr... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14272

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14271

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14262

    On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.... Read more

    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-14231

    GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php,... Read more

    Affected Products : genixcms
    • Published: Sep. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8041

    In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.... Read more

    • Published: Sep. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-12699

    An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.... Read more

    Affected Products : daqfactory
    • Published: Sep. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0800

    A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.... Read more

    Affected Products : android
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0796

    A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.... Read more

    Affected Products : android
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-0791

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.... Read more

    Affected Products : android
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-7724

    AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.... Read more

    Affected Products : fglrx-driver
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-0330

    An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Pr... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1291

    IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would al... Read more

    • Published: May. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-9121

    go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static... Read more

    Affected Products : go-jose
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5623

    An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the... Read more

    Affected Products : oxygenos oneplus_3 oneplus_3t
    • Published: Mar. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292847 Results