Latest CVE Feed
-
5.5
MEDIUM CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the ...
- EPSS Score: %0.05
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12165
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
- EPSS Score: %1.10
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
6.9
MEDIUM CVE-2017-12164
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Affected Products : gnome_display_manager
- EPSS Score: %0.12
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2017-12163
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a sha...
- EPSS Score: %27.33
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12161
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leadi...
- EPSS Score: %0.29
- Published: Feb. 21, 2018
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker t...
- EPSS Score: %2.10
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2017-12150
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-t...
- EPSS Score: %17.79
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source re...
- EPSS Score: %0.45
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12130
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to se...
Affected Products : tinysvcmdns
- EPSS Score: %0.73
- Published: Jan. 20, 2018
- Modified: Nov. 21, 2024
-
8.0
HIGH CVE-2017-12129
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.
- EPSS Score: %0.08
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12128
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vu...
- EPSS Score: %1.21
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
4.4
MEDIUM CVE-2017-12127
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
- EPSS Score: %0.13
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12126
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this...
- EPSS Score: %0.55
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-12125
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ...
- EPSS Score: %0.71
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12124
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a craft...
- EPSS Score: %1.22
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12123
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then...
- EPSS Score: %0.09
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-12122
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to tr...
- EPSS Score: %1.62
- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-12121
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ...
- EPSS Score: %0.71
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-12120
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into t...
- EPSS Score: %0.71
- Published: May. 14, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-12119
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnera...
- EPSS Score: %0.43
- Published: Jan. 19, 2018
- Modified: Nov. 21, 2024