Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-11448

    The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11462

    Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.... Read more

    Affected Products : fedora kerberos_5
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-11525

    The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-11446

    The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11465

    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y.... Read more

    Affected Products : ruby
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11467

    OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : orientdb
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11521

    The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.... Read more

    Affected Products : debian_linux resiprocate
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11481

    Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.... Read more

    Affected Products : kibana
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11517

    Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.... Read more

    Affected Products : gcore
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-11667

    OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.... Read more

    Affected Products : openproject
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-11506

    When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.... Read more

    Affected Products : nessus
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11497

    Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11512

    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to downloa... Read more

    Affected Products : servicedesk
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11496

    Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11608

    There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.... Read more

    Affected Products : libsass
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11507

    A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username para... Read more

    Affected Products : check_mk
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11511

    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to downloa... Read more

    Affected Products : servicedesk
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11533

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11516

    An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.... Read more

    Affected Products : yii
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11534

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294858 Results