Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-3107

    The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3091

    Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : diego
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2034

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.... Read more

    Affected Products : clearpass
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-3498

    The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.... Read more

    Affected Products : ansible
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2017-9330

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2017-9310

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outsid... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9023

    The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9022

    The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8108

    Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5878

    The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.... Read more

    Affected Products : media_server media_server
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-2800

    The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restar... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-2255

    Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.... Read more

    Affected Products : ar1220_firmware ar1220
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2015-2253

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-2252

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2251

    The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-8687

    Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.... Read more

    Affected Products : business_nas_firmware business_nas
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2014-6031

    Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-4843

    Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related t... Read more

    Affected Products : curam_social_program_management
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9520

    The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.... Read more

    Affected Products : radare2
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9519

    atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.... Read more

    Affected Products : atmail
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294513 Results