Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-18125

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The ... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18124

    During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, M... Read more

    • Published: Oct. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-18123

    The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.... Read more

    Affected Products : debian_linux dokuwiki
    • Published: Feb. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18122

    A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of ... Read more

    Affected Products : debian_linux simplesamlphp
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18121

    The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.... Read more

    Affected Products : debian_linux simplesamlphp
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18120

    A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability th... Read more

    Affected Products : gifsicle gifsicle
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18113

    The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) v... Read more

    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18112

    Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.... Read more

    Affected Products : fisheye
    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2017-18111

    The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This ... Read more

    Affected Products : application_links
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18110

    The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18109

    The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redir... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-18108

    The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18107

    Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application... Read more

    Affected Products : crowd
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18106

    The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an applica... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18105

    The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third p... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-18104

    The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not b... Read more

    Affected Products : jira jira_server
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-18103

    The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.... Read more

    Affected Products : http_library
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18102

    The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.... Read more

    Affected Products : jira_server
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18101

    Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers t... Read more

    Affected Products : jira jira_server
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18100

    The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.... Read more

    Affected Products : jira jira_server
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results