Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    HIGH
    CVE-2017-12125

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ...

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.71
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-12124

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a craft...

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %1.22
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12123

    An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then...

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.09
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12122

    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to tr...

    Affected Products : debian_linux sdl_image
    • EPSS Score: %1.62
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-12121

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ...

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.71
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-12120

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into t...

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.71
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-12119

    An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnera...

    • EPSS Score: %0.43
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12118

    An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability....

    • EPSS Score: %0.36
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12117

    An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypas...

    • EPSS Score: %0.15
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12116

    An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization...

    Affected Products : aleth ethereum_virtual_machine
    • EPSS Score: %0.15
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12115

    An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizatio...

    • EPSS Score: %0.15
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2017-12114

    An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypas...

    • EPSS Score: %0.22
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12113

    An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization by...

    • EPSS Score: %0.15
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2017-12112

    An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization byp...

    • EPSS Score: %0.15
    • Published: Jan. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12109

    An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send mali...

    Affected Products : libxls
    • EPSS Score: %1.82
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12108

    An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send m...

    Affected Products : libxls
    • EPSS Score: %1.82
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12107

    A memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigg...

    Affected Products : photoline
    • EPSS Score: %0.39
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12105

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can ...

    Affected Products : debian_linux blender
    • EPSS Score: %1.23
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12104

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code executio...

    Affected Products : debian_linux blender
    • EPSS Score: %1.23
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-12103

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can a...

    Affected Products : debian_linux blender
    • EPSS Score: %1.23
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291558 Results