Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-11010

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected....

    Affected Products : android
    • EPSS Score: 0.58%
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-11004

    A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430...

    • EPSS Score: 0.05%
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-11003

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size....

    Affected Products : android
    • EPSS Score: 0.02%
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-10992

    In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461....

    Affected Products : storage_essentials
    • EPSS Score: 2.86%
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2017-10963

    In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network tr...

    • EPSS Score: 0.27%
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-10937

    SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information....

    Affected Products : zxiptv-ucm_firmware zxiptv-ucm
    • EPSS Score: 0.31%
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-10936

    SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information....

    Affected Products : zxcdn-sns_firmware zxcdn-sns
    • EPSS Score: 0.31%
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2017-10935

    All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password....

    • EPSS Score: 0.45%
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-10934

    All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker ca...

    Affected Products : zxiptv-epg_firmware zxiptv-epg
    • EPSS Score: 9.77%
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-10854

    Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors....

    Affected Products : cg-wgr_1200_firmware cg-wgr_1200
    • EPSS Score: 0.17%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-10853

    Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors....

    Affected Products : cg-wgr_1200_firmware cg-wgr_1200
    • EPSS Score: 0.22%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-10852

    Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors....

    Affected Products : cg-wgr_1200_firmware cg-wgr_1200
    • EPSS Score: 0.14%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-10724

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This devi...

    • EPSS Score: 0.52%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-10723

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This devi...

    • EPSS Score: 0.52%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-10722

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as th...

    • EPSS Score: 0.24%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-10721

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in va...

    • EPSS Score: 0.28%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-10720

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as th...

    • EPSS Score: 0.24%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-10719

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that all...

    • EPSS Score: 0.45%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-10718

    Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her o...

    • EPSS Score: 0.37%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-10690

    In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4...

    • EPSS Score: 0.19%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024