Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-6178

    The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.... Read more

    Affected Products : usbpcap
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6058

    Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via ... Read more

    Affected Products : qemu
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5987

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during ... Read more

    Affected Products : debian_linux qemu
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5956

    The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.... Read more

    Affected Products : virglrenderer
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-5930

    The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.... Read more

    Affected Products : leap postfixadmin
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5618

    GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.... Read more

    Affected Products : screen
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1155

    IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.... Read more

    Affected Products : algo_one
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-1151

    IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1146

    IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : content_navigator
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-1145

    IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.... Read more

    Affected Products : websphere_mq
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1134

    IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.... Read more

    Affected Products : power_hardware_management_console
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2016-9697

    An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960... Read more

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9696

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 19999... Read more

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9694

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust... Read more

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9165

    The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequentl... Read more

    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8973

    IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.... Read more

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-5857

    The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.... Read more

    Affected Products : android
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-2981

    An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.... Read more

    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2406

    The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintS... Read more

    Affected Products : document_security_management
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-10214

    Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.... Read more

    Affected Products : virglrenderer
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293616 Results