Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-5216

    Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loade... Read more

    Affected Products : remote_control
    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5205

    The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-5209

    The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.... Read more

    Affected Products : libplist
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5223

    An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a sc... Read more

    Affected Products : phpmailer
    • Published: Jan. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5203

    The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5225

    LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.... Read more

    Affected Products : libtiff
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5202

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5207

    Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.... Read more

    Affected Products : firejail
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-5201

    NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.... Read more

    Affected Products : clustered_data_ontap
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5214

    The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.... Read more

    Affected Products : b2j_contact
    • Published: May. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5232

    All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : nexpose
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5336

    Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.... Read more

    Affected Products : leap gnutls axc_f_2152_firmware
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5218

    A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the curr... Read more

    Affected Products : sagecrm
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-5226

    When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.... Read more

    Affected Products : bubblewrap
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5359

    EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.... Read more

    Affected Products : sql_iplug
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-5241

    Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a ... Read more

    Affected Products : secure_file_transfer
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5368

    ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a maliciou... Read more

    Affected Products : zoneminder
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5239

    Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in... Read more

    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5361

    Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-c... Read more

    Affected Products : request_tracker
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5236

    Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : appspider_pro
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293781 Results