Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-7275

    The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fi... Read more

    Affected Products : imagemagick
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9252

    The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through u... Read more

    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7274

    The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.... Read more

    Affected Products : radare2
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.6

    MEDIUM
    CVE-2017-7273

    The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID repor... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-7272

    PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is sp... Read more

    Affected Products : php
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7271

    Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen... Read more

    Affected Products : yii yii
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7191

    The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.... Read more

    Affected Products : irssi
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7183

    The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.... Read more

    Affected Products : extraputty
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6542

    The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded ag... Read more

    Affected Products : leap putty leap
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6464

    NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6463

    NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6462

    Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6460

    Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6459

    The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6458

    Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.... Read more

    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-6455

    NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6452

    Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6451

    The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which tri... Read more

    Affected Products : ntp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9243

    HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.... Read more

    Affected Products : ubuntu_linux fedora cryptography
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4912

    The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.... Read more

    Affected Products : openslp
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293620 Results