Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-9364

    Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.... Read more

    Affected Products : bigtree_cms
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9363

    Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.... Read more

    Affected Products : iam
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9361

    WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.... Read more

    Affected Products : websitebaker
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9360

    WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.... Read more

    Affected Products : websitebaker
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9359

    The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and ... Read more

    Affected Products : certified_asterisk open_source
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9358

    A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and lead... Read more

    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9354

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9353

    In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9352

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9351

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9350

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9349

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.... Read more

    Affected Products : debian_linux wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9348

    In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9347

    In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9346

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9345

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9344

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.... Read more

    Affected Products : debian_linux wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9343

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.... Read more

    Affected Products : wireshark
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9060

    Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.... Read more

    Affected Products : qemu
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8386

    git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privile... Read more

    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294692 Results