Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-1000004

    ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Soc... Read more

    Affected Products : atutor
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000003

    ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control chec... Read more

    Affected Products : atutor
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000002

    ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the C... Read more

    Affected Products : atutor
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1000001

    FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.... Read more

    Affected Products : fedmsg
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-0196

    An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0152

    A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in... Read more

    Affected Products : edge
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-0028

    A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An a... Read more

    Affected Products : edge
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-6793

    The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM b... Read more

    Affected Products : wicket
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-6312

    The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav reposito... Read more

    Affected Products : enterprise_linux
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-4996

    discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the roo... Read more

    Affected Products : enterprise_linux_server satellite
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-4984

    /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod t... Read more

    Affected Products : enterprise_linux openldap-servers
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-4982

    authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.... Read more

    Affected Products : authd
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-10398

    Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay pre... Read more

    Affected Products : android
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-0764

    Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive co... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-5152

    Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.... Read more

    Affected Products : foreman
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2015-0249

    The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).... Read more

    Affected Products : roller
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11310

    The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.... Read more

    Affected Products : imagemagick
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9789

    When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.... Read more

    Affected Products : http_server
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-9788

    In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key wit... Read more

    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-6249

    An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged p... Read more

    Affected Products : android
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294835 Results