Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2012-5361

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.... Read more

    Affected Products : ffmpeg
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7187

    The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call... Read more

    Affected Products : linux_kernel
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7186

    libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.... Read more

    Affected Products : pcre pcre2
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-9938

    contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.... Read more

    Affected Products : git
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5623

    An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the... Read more

    Affected Products : oxygenos oneplus_3 oneplus_3t
    • Published: Mar. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7184

    The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Mar. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8855

    Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.... Read more

    Affected Products : experience_platform
    • Published: Mar. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7178

    CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plu... Read more

    Affected Products : debian_linux deluge
    • Published: Mar. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7177

    Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.... Read more

    Affected Products : suricata suricata
    • Published: Mar. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10253

    An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordina... Read more

    Affected Products : erlang\/otp
    • Published: Mar. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7174

    The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.... Read more

    Affected Products : chef_manage chef_manage
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3881

    A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges... Read more

    • Actively Exploited
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3880

    An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 ... Read more

    Affected Products : webex_meetings_server
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-3879

    A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the lo... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-3878

    A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpected... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3877

    A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. ... Read more

    Affected Products : unified_communications_manager
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-3875

    An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control li... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3874

    A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2)... Read more

    Affected Products : unified_communications_manager
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3872

    A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Inform... Read more

    Affected Products : unified_communications_manager
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-3871

    A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The ... Read more

    Affected Products : prime_optical
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293620 Results