Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2017-7006

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel atta...

    Affected Products : iphone_os tvos safari webkit
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025
  • 8.5

    HIGH
    CVE-2017-6710

    A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings th...

    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025
  • 4.7

    MEDIUM
    CVE-2017-6061

    Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this c...

    • Published: Mar. 16, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-6019

    An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot....

    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-6009

    An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negativ...

    • Published: Feb. 16, 2017
    • Modified: Apr. 20, 2025
  • 7.3

    HIGH
    CVE-2017-3588

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infr...

    Affected Products : solaris_cluster
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-9629

    A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbit...

    Affected Products : wonderware_archestra_logger
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025
  • 3.1

    LOW
    CVE-2017-3626

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

    Affected Products : glassfish_server
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-5546

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnera...

    Affected Products : jdk jre jrockit
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
  • 8.2

    HIGH
    CVE-2017-3349

    Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthen...

    Affected Products : marketing
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2017-0109

    Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS vi...

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2016-2378

    A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered m...

    Affected Products : ubuntu_linux debian_linux pidgin
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-9995

    libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a cr...

    Affected Products : ffmpeg
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-9640

    A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCT...

    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-2979

    Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure....

    Affected Products : digital_editions
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-2997

    Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution....

    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-3002

    Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution....

    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-3043

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality....

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-3073

    Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution....

    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-3101

    Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack....

    Affected Products : connect
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293353 Results