Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-7531

    In Moodle 3.3, the course overview block reveals activities in hidden courses.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2642

    Moodle 3.x has user fullname disclosure on the user preferences page.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-11361

    Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the W... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10987

    An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10986

    An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10985

    An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10984

    An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10983

    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10982

    An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10981

    An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10980

    An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10979

    An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.... Read more

    Affected Products : freeradius
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10978

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11367

    The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.... Read more

    Affected Products : shoco
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.6

    MEDIUM
    CVE-2017-8034

    The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8011

    EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with defa... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8006

    In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user cou... Read more

    Affected Products : rsa_authentication_manager
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8005

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Ident... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-8004

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identi... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-8000

    In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with ... Read more

    Affected Products : rsa_authentication_manager
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294826 Results