Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-8232

    Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP a... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5932

    IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : connections
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2880

    IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2879

    IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6353

    net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded applicat... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6348

    The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6347

    The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other im... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-6346

    Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt syste... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6345

    The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system cal... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5995

    The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9830

    The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6485

    The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guess... Read more

    Affected Products : magento magento2
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5374

    NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.... Read more

    Affected Products : data_ontap
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-10151

    The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment vari... Read more

    Affected Products : hesiod
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-2685

    Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions ... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5981

    seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.... Read more

    Affected Products : zziplib zziplib
    • Published: Mar. 01, 2017
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2017-5980

    The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.... Read more

    Affected Products : zziplib zziplib
    • Published: Mar. 01, 2017
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2017-5979

    The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.... Read more

    Affected Products : zziplib zziplib
    • Published: Mar. 01, 2017
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2017-5978

    The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.... Read more

    Affected Products : zziplib zziplib
    • Published: Mar. 01, 2017
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2017-5977

    The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.... Read more

    Affected Products : zziplib zziplib
    • Published: Mar. 01, 2017
    • Modified: Jul. 10, 2025
Showing 20 of 293494 Results