Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-18082

    The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18081

    The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18080

    The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18079

    drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validat... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18078

    systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a ha... Read more

    Affected Products : debian_linux leap systemd systemd
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18077

    index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.... Read more

    Affected Products : brace_expansion
    • Published: Jan. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18076

    In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.... Read more

    Affected Products : debian_linux omniauth
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18075

    crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18074

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18073

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18072

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18071

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18070

    In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all An... Read more

    Affected Products : android
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18069

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18068

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18067

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18066

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18065

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18064

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow.... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18063

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results