Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-15364

    The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this... Read more

    Affected Products : ccsv
    • Published: Oct. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15328

    Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information lea... Read more

    Affected Products : hg8245h_firmware hg8245h
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-15359

    In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must... Read more

    Affected Products : 3cx phone_system
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15324

    Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target de... Read more

    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-15376

    The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.... Read more

    Affected Products : mobaxterm
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-15366

    Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to g... Read more

    Affected Products : ndoc
    • Published: Oct. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15362

    osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection o... Read more

    Affected Products : osticket
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15374

    Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields ... Read more

    Affected Products : shopware
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15380

    XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.... Read more

    Affected Products : e-sic
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15377

    In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop ... Read more

    Affected Products : suricata suricata
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15373

    E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).... Read more

    Affected Products : e-sic
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15595

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.... Read more

    Affected Products : xen
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15569

    In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.... Read more

    Affected Products : debian_linux redmine
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15516

    NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.... Read more

    Affected Products : snapcenter_server
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-15530

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the applicat... Read more

    Affected Products : norton_family
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-15532

    Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variable... Read more

    Affected Products : messaging_gateway message_gateway
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15528

    Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target... Read more

    Affected Products : install_norton_security
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15607

    Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.... Read more

    Affected Products : otter
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2017-15529

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or inde... Read more

    Affected Products : norton_family
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15565

    In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.... Read more

    Affected Products : debian_linux poppler
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294842 Results