Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2017-3846

    A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient in... Read more

    Affected Products : tidal_enterprise_scheduler
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3831

    A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to imp... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-3819

    A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5937

    The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.... Read more

    Affected Products : virglrenderer
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5898

    Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Applic... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5849

    tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height val... Read more

    Affected Products : fedora netpbm
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5239

    The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : imagemagick
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-8982

    Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffe... Read more

    Affected Products : glibc
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8898

    The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8897

    The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8896

    Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-8895

    Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.... Read more

    Affected Products : imagemagick
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8894

    Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6918

    CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.... Read more

    Affected Products : bigtree_cms
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6917

    CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.... Read more

    Affected Products : bigtree_cms
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6916

    CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.... Read more

    Affected Products : bigtree_cms
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6915

    CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.... Read more

    Affected Products : bigtree_cms
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-6914

    CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.... Read more

    Affected Products : bigtree_cms
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5522

    Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.... Read more

    Affected Products : debian_linux mapserver
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7955

    The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute... Read more

    Affected Products : unified_security_management ossim
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293589 Results