Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-7575

    Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbit... Read more

    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7506

    spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.... Read more

    Affected Products : spice
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7515

    poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.... Read more

    Affected Products : poppler
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-7496

    fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.... Read more

    Affected Products : arm_installer
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7546

    PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.... Read more

    Affected Products : debian_linux postgresql
    • Published: Aug. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-7531

    In Moodle 3.3, the course overview block reveals activities in hidden courses.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7557

    dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.... Read more

    Affected Products : dnsdist
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7574

    Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by pr... Read more

    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7595

    The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.... Read more

    Affected Products : libtiff
    • Published: Apr. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-7521

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().... Read more

    Affected Products : openvpn
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7584

    Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.... Read more

    Affected Products : foxit_pdf_toolkit
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7603

    au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.... Read more

    Affected Products : libaacplus
    • Published: Apr. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-7520

    OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.... Read more

    Affected Products : openvpn
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7578

    Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incom... Read more

    Affected Products : libming
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7540

    rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege e... Read more

    Affected Products : safemode
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7554

    It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.... Read more

    Affected Products : mobile_application_platform
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-7664

    Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7548

    PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.... Read more

    Affected Products : debian_linux postgresql
    • Published: Aug. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7560

    It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.... Read more

    Affected Products : rhnsd
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7593

    tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.... Read more

    Affected Products : libtiff
    • Published: Apr. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293618 Results