Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-8307

    In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Ava... Read more

    Affected Products : antivirus
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8278

    In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8312

    Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.... Read more

    Affected Products : debian_linux vlc_media_player
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2017-8474

    The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specia... Read more

    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8282

    XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8287

    FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.... Read more

    Affected Products : freetype
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8302

    Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cuse... Read more

    Affected Products : muracms
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-8280

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context sw... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8303

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8369

    IrfanView version 4.44 (32bit) has a "Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3" issue, which might allow attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : irfanview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8402

    PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.... Read more

    Affected Products : pivotx
    • Published: May. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8308

    In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attac... Read more

    Affected Products : antivirus
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-8418

    RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.... Read more

    Affected Products : rubocop
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-8327

    The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.... Read more

    Affected Products : imageworsener imageworsener
    • Published: Apr. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8338

    A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all de... Read more

    Affected Products : routeros
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8310

    Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles fil... Read more

    Affected Products : vlc_media_player
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8362

    The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.... Read more

    Affected Products : debian_linux libsndfile
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8342

    Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.... Read more

    Affected Products : radicale
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8394

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an anal... Read more

    Affected Products : binutils
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8349

    In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : debian_linux imagemagick
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293612 Results