Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-8761

    In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware ar... Read more

    Affected Products : swift
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8417

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the devi... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8416

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol t... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8415

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operat... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-8414

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8413

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol t... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8412

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP V... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-8411

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8410

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the va... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-8409

    An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in poss... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8408

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials ... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8407

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protect... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8406

    An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any inform... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-8405

    An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8404

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-8341

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8340

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8337

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement an... Read more

    • Published: Jun. 18, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8336

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up route... Read more

    • Published: Jun. 18, 2019
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2017-8335

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It ... Read more

    • Published: Jun. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293437 Results