Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-8274

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-8252

    Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... Read more

    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8230

    On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has a... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8229

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracte... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8228

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actual... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8227

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is per... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8226

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using ... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-8187

    Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalat... Read more

    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-8176

    Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead... Read more

    Affected Products : iptv_stb_firmware iptv_stb
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-8165

    Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensit... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-8164

    Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160... Read more

    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-8154

    The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP p... Read more

    Affected Products : honor_8_lite_firmware honor_8_lite
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-8087

    Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.... Read more

    Affected Products : fritz\!os fritz\!box_7490
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8046

    Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.... Read more

    Affected Products : spring_boot spring_data_rest
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8023

    EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary ... Read more

    Affected Products : networker emc_networker
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8013

    EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". A... Read more

    Affected Products : data_protection_advisor
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-7998

    Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.... Read more

    Affected Products : gespage
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7997

    Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/... Read more

    Affected Products : gespage
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7933

    In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.... Read more

    Affected Products : ip_gateway_firmware ip_gateway
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7931

    In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.... Read more

    Affected Products : ip_gateway_firmware ip_gateway
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293426 Results