Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-6731

    A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) c... Read more

    Affected Products : ios_xr carrier_routing_system
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6749

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affe... Read more

    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6747

    A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assign... Read more

    Affected Products : identity_services_engine
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6800

    An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.... Read more

    Affected Products : debian_linux ytnef
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-6728

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Re... Read more

    Affected Products : ios_xr carrier_routing_system
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6811

    paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).... Read more

    Affected Products : mangoswebv4
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6754

    A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attack... Read more

    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6761

    A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected d... Read more

    Affected Products : finesse
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6784

    A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance ... Read more

    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6755

    A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Infor... Read more

    Affected Products : prime_collaboration_provisioning
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6799

    A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.... Read more

    Affected Products : mantisbt
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6776

    A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient va... Read more

    Affected Products : elastic_services_controller
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-6874

    Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behav... Read more

    Affected Products : linux_kernel
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6780

    A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion.... Read more

    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6837

    WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6838

    Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6793

    A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted... Read more

    Affected Products : prime_collaboration_provisioning
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6797

    A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.... Read more

    Affected Products : mantisbt
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6812

    paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).... Read more

    Affected Products : mangoswebv4
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6830

    Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293612 Results