Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-11473

    Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-11523

    The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.... Read more

    Affected Products : imagemagick
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-11526

    The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-11530

    The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11547

    The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidit... Read more

    Affected Products : timidity\+\+
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11591

    There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.... Read more

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11628

    In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for ... Read more

    Affected Products : php
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11640

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11729

    A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ming
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2701

    Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to ... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11935

    Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".... Read more

    Affected Products : office
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11755

    The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.... Read more

    Affected Products : imagemagick
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2688

    The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicki... Read more

    Affected Products : ruggedcom_rox_i
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11762

    The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vu... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11786

    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of ... Read more

    Affected Products : office lync skype_for_business
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2696

    The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on ... Read more

    Affected Products : y6ii_firmware y6ii
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11810

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the co... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11821

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". ... Read more

    Affected Products : edge windows_10 chakracore
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2694

    The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be pl... Read more

    Affected Products : vmall
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-2683

    A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.... Read more

    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294714 Results