Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2017-9391

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "reque... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-9390

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One o... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9389

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the ... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9388

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-9387

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passe... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-9386

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter i... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9385

    An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the use... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9384

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-9383

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget"... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-9382

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "file"... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9381

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any c... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-9376

    ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.... Read more

    Affected Products : manageengine_servicedesk_plus
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9362

    ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.... Read more

    Affected Products : manageengine_servicedesk_plus
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-9327

    Secret data of processes managed by CM is not secured by file permissions.... Read more

    Affected Products : cloudera_manager
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-9326

    The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.... Read more

    Affected Products : cloudera_manager
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-9325

    The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.... Read more

    Affected Products : cdh
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9317

    Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.... Read more

    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-9312

    Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.... Read more

    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9286

    The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.... Read more

    Affected Products : leap
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9285

    NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.... Read more

    Affected Products : edirectory edirectory
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293436 Results