Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-1000378

    The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory... Read more

    Affected Products : netbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-1000377

    An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-1000376

    libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.... Read more

    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000375

    NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.... Read more

    Affected Products : netbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000374

    A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.... Read more

    Affected Products : netbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1000373

    The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memor... Read more

    Affected Products : openbsd openbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000372

    A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.... Read more

    Affected Products : openbsd openbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1000371

    The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PI... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1000370

    The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x4000000... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2017-1000369

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that... Read more

    Affected Products : debian_linux exim
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1000366

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to gli... Read more

    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1000365

    The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-1000364

    An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stac... Read more

    Affected Products : linux_kernel
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9759

    SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.... Read more

    Affected Products : zenbership
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9757

    IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.... Read more

    Affected Products : ipfire
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9730

    SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.... Read more

    Affected Products : nuevomailer
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-4987

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on th... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4985

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-4984

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an a... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9756

    The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demons... Read more

    Affected Products : binutils
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294605 Results