Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2017-8072

    The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-8071

    drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8070

    drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8069

    drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8068

    drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8067

    drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecifi... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8066

    drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8065

    crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8064

    drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly ... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8063

    drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact b... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8062

    drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspe... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-8061

    drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-8056

    WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including ma... Read more

    Affected Products : fireware
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-8055

    WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames.... Read more

    Affected Products : fireware
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-8054

    The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-8053

    PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).... Read more

    Affected Products : podofo
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-8052

    Craft CMS before 2.6.2974 allows XSS attacks.... Read more

    Affected Products : craft_cms
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7991

    Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.... Read more

    Affected Products : exponent_cms
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-9954

    The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.... Read more

    Affected Products : irregex
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-5399

    The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.... Read more

    Affected Products : php
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293961 Results