Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2017-13185

    An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13184

    In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-13183

    In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling c... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13182

    In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution pri... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13181

    In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execut... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13180

    In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevat... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13179

    In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be... Read more

    Affected Products : android
    • EPSS Score: %3.42
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13178

    In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges ... Read more

    Affected Products : android
    • EPSS Score: %3.42
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13177

    In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions... Read more

    Affected Products : android
    • EPSS Score: %10.05
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13176

    In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed... Read more

    Affected Products : android
    • EPSS Score: %0.69
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13108

    DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : dfndr_security
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13107

    Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : liveme
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13106

    Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : cm_launcher_3d
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-13105

    Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted ... Read more

    Affected Products : virus_cleaner
    • EPSS Score: %0.10
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13104

    Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : ubereats
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13102

    Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : asphalt_xtreme
    • EPSS Score: %0.16
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13101

    Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : musical.ly
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13100

    DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : the_moron_test
    • EPSS Score: %0.11
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13097

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The method... Read more

    Affected Products : -
    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13096

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are... Read more

    Affected Products : -
    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results