Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-18056

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bou... Read more

    Affected Products : android
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18055

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, lead... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18054

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to pote... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18053

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of boun... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18052

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), w... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18051

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds mem... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18050

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer ove... Read more

    Affected Products : android
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18049

    In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft ... Read more

    Affected Products : silverstripe framework
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18048

    Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.... Read more

    Affected Products : monstra
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18047

    Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.... Read more

    Affected Products : nfsaxe
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18046

    Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).... Read more

    Affected Products : h640x_firmware h640x
    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18045

    JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.... Read more

    Affected Products : directadmin
    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18044

    A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to Creat... Read more

    Affected Products : commvault
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18043

    Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18042

    The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18041

    The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18040

    The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.... Read more

    Affected Products : bamboo
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18039

    The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.... Read more

    Affected Products : jira jira_server
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18038

    The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.... Read more

    Affected Products : bitbucket_server bitbucket
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18037

    The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.... Read more

    Affected Products : bitbucket_server bitbucket
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292849 Results