Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2017-3741

    In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.... Read more

    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-3740

    In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.... Read more

    Affected Products : active_protection_system
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8231

    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.... Read more

    Affected Products : lenovo_service_bridge
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8230

    In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.... Read more

    Affected Products : lenovo_service_bridge
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8229

    A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.... Read more

    Affected Products : lenovo_service_bridge
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8228

    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.... Read more

    Affected Products : lenovo_service_bridge
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9409

    In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9408

    In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : debian_linux poppler
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9407

    In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9406

    In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : debian_linux poppler
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9405

    In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9404

    In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ubuntu_linux debian_linux libtiff
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9403

    In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ubuntu_linux debian_linux libtiff
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-0896

    Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organ... Read more

    Affected Products : zulip_server
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9380

    OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.... Read more

    Affected Products : openemr
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9379

    Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.... Read more

    Affected Products : bigtree_cms
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9378

    BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a... Read more

    Affected Products : bigtree_cms
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9372

    PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP pack... Read more

    Affected Products : certified_asterisk open_source
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6039

    A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.... Read more

    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-9366

    Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.... Read more

    Affected Products : epesi
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294713 Results