Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-12635

    Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database,... Read more

    Affected Products : couchdb
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12675

    In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12564

    In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-12581

    GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precon... Read more

    Affected Products : electron electron
    • Published: Aug. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12562

    Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.... Read more

    Affected Products : debian_linux libsndfile
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12583

    DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.... Read more

    Affected Products : dokuwiki
    • Published: Aug. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12568

    Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.... Read more

    Affected Products : dcp-j132w_firmware dcp-j132w
    • Published: Aug. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12599

    OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.... Read more

    Affected Products : debian_linux opencv
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12567

    SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.... Read more

    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12605

    OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.... Read more

    Affected Products : debian_linux opencv
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-12572

    Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.... Read more

    Affected Products : splunk
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12592

    ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.... Read more

    Affected Products : dsl-n10s_firmware dsl-n10s
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12566

    In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.... Read more

    Affected Products : imagemagick
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12638

    Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.... Read more

    Affected Products : imail_server
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12585

    SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.... Read more

    Affected Products : akasia
    • Published: Aug. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12603

    OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fsee... Read more

    Affected Products : debian_linux opencv
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12586

    SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.... Read more

    Affected Products : akasia
    • Published: Aug. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12602

    OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.... Read more

    Affected Products : opencv
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12600

    OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.... Read more

    Affected Products : opencv
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12616

    When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.... Read more

    Affected Products : tomcat
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results