Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-10006

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low pr... Read more

    Affected Products : flexcube_private_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10005

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauth... Read more

    Affected Products : flexcube_private_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-10004

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where... Read more

    Affected Products : solaris solaris
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.5

    MEDIUM
    CVE-2017-10003

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrast... Read more

    Affected Products : solaris solaris
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10002

    Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged... Read more

    Affected Products : hospitality_inventory_management
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-10001

    Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable vulnerability allows low privileged attacker with network... Read more

    Affected Products : hospitality_simphony
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-10000

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attack... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12678

    In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.... Read more

    Affected Products : debian_linux taglib
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12677

    IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.... Read more

    Affected Products : identityserver3
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9942

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-9941

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communica... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-9940

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9939

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9938

    A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts au... Read more

    Affected Products : simatic_logon
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-6873

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6872

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6871

    A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, th... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-6870

    A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Mid... Read more

    Affected Products : simatic_wincc_sm\@rtclient
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6869

    A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web ... Read more

    Affected Products : viewport_for_web_office_portal
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6866

    A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.... Read more

    Affected Products : xhq_server
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294860 Results