Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-5361

    Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-c... Read more

    Affected Products : request_tracker
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6201

    Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkAr... Read more

    Affected Products : ektron_content_management_system
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6127

    Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTM... Read more

    Affected Products : request_tracker
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-5045

    NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.... Read more

    Affected Products : oncommand_system_manager
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-3998

    NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.... Read more

    Affected Products : altavault
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3997

    NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.... Read more

    Affected Products : clustered_data_ontap
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3400

    NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.... Read more

    Affected Products : data_ontap
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10798

    In ObjectPlanet Opinio before 7.6.4, there is XSS.... Read more

    Affected Products : opinio
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10800

    When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10799

    When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-10796

    On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.... Read more

    Affected Products : nc250_firmware nc250
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10794

    When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8894

    AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.... Read more

    Affected Products : aeroadmin
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8893

    AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.... Read more

    Affected Products : aeroadmin
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8797

    The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering cert... Read more

    Affected Products : linux_kernel
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-0377

    Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.... Read more

    Affected Products : tor
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10795

    Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.... Read more

    Affected Products : subrion
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2017-10706

    When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.... Read more

    Affected Products : antivirus_engine
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-10792

    There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will ... Read more

    Affected Products : pspp
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-10791

    There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a ... Read more

    Affected Products : pspp
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294717 Results