Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-8949

    A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.... Read more

    Affected Products : sitescope
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8948

    A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.... Read more

    Affected Products : network_node_manager_i
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8947

    A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.... Read more

    Affected Products : ucmdb_configuration_manager
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2017-8946

    A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.... Read more

    Affected Products : aruba_airwave_glass
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-8945

    A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.... Read more

    Affected Products : icewall_federation_agent
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-8944

    A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.... Read more

    Affected Products : cloud_optimizer
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8931

    Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.... Read more

    Affected Products : gravityzone
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-8916

    In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.... Read more

    Affected Products : cis-cat_pro_dashboard
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-8802

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-8783

    Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-8777

    Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.... Read more

    Affected Products : ox_cloud
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-8761

    In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware ar... Read more

    Affected Products : swift
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8417

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the devi... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8416

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol t... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8415

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operat... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-8414

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8413

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol t... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-8412

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP V... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-8411

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8410

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the va... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results