Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-10064

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.... Read more

    Affected Products : leap imagemagick
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-10063

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.... Read more

    Affected Products : imagemagick
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10062

    The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-10060

    The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5235

    Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : metasploit
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5234

    Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : insight_collector
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5233

    Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : appspider_pro
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5232

    All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : nexpose
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5231

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to writ... Read more

    Affected Products : metasploit
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5230

    The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure l... Read more

    Affected Products : nexpose
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5229

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an ar... Read more

    Affected Products : metasploit
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5228

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary ... Read more

    Affected Products : metasploit
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-6413

    The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attack... Read more

    Affected Products : mod_auth_openidc mod_auth_openidc
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6410

    kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain ... Read more

    Affected Products : kdelibs kio
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6409

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-6408

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6407

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6406

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.... Read more

    Affected Products : netbackup_appliance netbackup access
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6405

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6404

    An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293599 Results