Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-8289

    Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unsp... Read more

    Affected Products : riot
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8288

    gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the... Read more

    Affected Products : gnome-shell
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8287

    FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.... Read more

    Affected Products : freetype
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6037

    A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.... Read more

    Affected Products : levi_studio_hmi_editor
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6035

    A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.... Read more

    Affected Products : levi_studio_hmi_editor
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3162

    HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.... Read more

    Affected Products : hadoop
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3161

    The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.... Read more

    Affected Products : hadoop
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1170

    IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.... Read more

    Affected Products : websphere_commerce
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-8962

    IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.... Read more

    Affected Products : bigfix_inventory
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2016-8924

    IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's sessio... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-8284

    The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects ... Read more

    Affected Products : qemu
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7720

    Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.... Read more

    Affected Products : privatetunnel
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6054

    A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.... Read more

    Affected Products : blue_link
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6052

    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.... Read more

    Affected Products : blue_link
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8283

    dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source pack... Read more

    Affected Products : dpkg
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7293

    The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1... Read more

    Affected Products : dolby_audio_x2 dolby_audio_x3
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8225

    On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8224

    Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8223

    On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8222

    Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293962 Results