Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2017-7423

    A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if...

    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7414

    In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically ver...

    Affected Products : groupware
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7484

    It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibl...

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-7424

    A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a syste...

    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7458

    The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP addres...

    Affected Products : ntopng
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-7421

    Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 a...

    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7431

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

    Affected Products : imanager imanager
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7474

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

    Affected Products : keycloak-nodejs-auth-utils
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-7416

    ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

    Affected Products : ntopng
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7442

    Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.

    Affected Products : nitro_pro nitro_pro
    • Published: Aug. 03, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-7430

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

    Affected Products : imanager imanager
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-7422

    Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to by...

    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7511

    poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

    Affected Products : poppler
    • Published: May. 30, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-7441

    In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vu...

    Affected Products : hitmanpro
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-7444

    In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

    Affected Products : system_recovery
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7507

    GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

    Affected Products : gnutls
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7462

    Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.

    Affected Products : nfc-30ir_firmware nfc-30ir
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7480

    rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.

    Affected Products : rootkit_hunter
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7495

    fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiti...

    Affected Products : linux_kernel
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2017-7477

    Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunct...

    Affected Products : linux_kernel
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025