Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-6925

    In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities t... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-6924

    In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-6923

    In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitiga... Read more

    Affected Products : drupal
    • Published: Jan. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-6922

    In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather tha... Read more

    Affected Products : debian_linux drupal
    • Published: Jan. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-6921

    In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6920

    Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.... Read more

    Affected Products : drupal
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-6913

    Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-6912

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-6910

    The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, ... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-6900

    An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential... Read more

    Affected Products : netman_204_firmware netman_204
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-6888

    An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.... Read more

    Affected Products : fedora debian_linux flac
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-6514

    WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.... Read more

    Affected Products : wordpress
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-6426

    An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-6425

    An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-6424

    An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-6423

    An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-6371

    Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.... Read more

    Affected Products : bbs
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-6363

    In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, an... Read more

    Affected Products : libgd
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2017-6323

    The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclos... Read more

    Affected Products : management_console
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-6296

    NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.... Read more

    Affected Products : android shield_tv_firmware shield_tv
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293619 Results