Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-7472

    The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.... Read more

    Affected Products : linux_kernel
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8851

    An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' sy... Read more

    Affected Products : oxygenos oneplus_one oneplus_x
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8850

    An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5948

    An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the give... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10370

    An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the... Read more

    Affected Products : oxygenos oneplus_3t
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8899

    Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain ... Read more

    Affected Products : invision_power_board
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8898

    Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/... Read more

    Affected Products : invision_power_board
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8897

    Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a m... Read more

    Affected Products : invision_power_board
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7476

    The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certa... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9100

    Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker ... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9099

    Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-9097

    The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9092

    The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techni... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-2126

    Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos tic... Read more

    Affected Products : samba
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-5436

    A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was or... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-6867

    A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that coul... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6865

    A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-2681

    Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8798

    Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.... Read more

    Affected Products : miniupnpd miniupnp
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5461

    Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact... Read more

    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294123 Results