Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-4918

    VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX s... Read more

    Affected Products : horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-4930

    VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user bein... Read more

    Affected Products : airwatch
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-4969

    The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.... Read more

    Affected Products : cf-release
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4913

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of ... Read more

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-4976

    EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP director... Read more

    Affected Products : esrs_policy_manager
    • Published: Jul. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-4917

    VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.... Read more

    Affected Products : vsphere_data_protection
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-4980

    EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.... Read more

    Affected Products : isilon_onefs isilon_onefs
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5027

    Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML p... Read more

    Affected Products : chrome
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5058

    A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.... Read more

    Affected Products : chrome windows
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5032

    PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.... Read more

    Affected Products : chrome windows
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    CRITICAL
    CVE-2017-4919

    VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.... Read more

    Affected Products : vcenter_server
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-4970

    An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file i... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4910

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of ... Read more

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4912

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a... Read more

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-4899

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has... Read more

    Affected Products : workstation_pro workstation_player
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4931

    VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening ... Read more

    Affected Products : airwatch
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-4898

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal us... Read more

    Affected Products : workstation_pro workstation_player
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-4900

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.... Read more

    Affected Products : workstation_pro workstation_player
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-4902

    VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to e... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-4916

    VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machi... Read more

    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293632 Results