Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-14436

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %2.23
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-14435

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %2.23
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14434

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.71
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14433

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.71
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14432

    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the ... Read more

    Affected Products : edr-810_firmware edr-810
    • EPSS Score: %0.65
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14395

    Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser... Read more

    Affected Products : access_management openam
    • EPSS Score: %0.32
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14394

    OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated r... Read more

    Affected Products : access_management openam
    • EPSS Score: %0.20
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-14384

    In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially... Read more

    Affected Products : storage_manager
    • EPSS Score: %4.83
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14383

    In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A... Read more

    • EPSS Score: %0.18
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14323

    SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.... Read more

    Affected Products : onethink
    • EPSS Score: %7.29
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-14232

    The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.... Read more

    Affected Products : jasper flif
    • EPSS Score: %0.24
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14202

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell vers... Read more

    Affected Products : zephyr
    • EPSS Score: %0.16
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14201

    Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.70
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14199

    A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.55
    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14191

    An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.... Read more

    Affected Products : fortiweb
    • EPSS Score: %0.22
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14190

    A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.... Read more

    Affected Products : fortios
    • EPSS Score: %0.39
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-14187

    A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate vi... Read more

    Affected Products : fortios
    • EPSS Score: %0.06
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-14185

    An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SS... Read more

    Affected Products : fortios
    • EPSS Score: %0.33
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14180

    Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root... Read more

    Affected Products : ubuntu_linux apport
    • EPSS Score: %0.05
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14179

    Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privilege... Read more

    Affected Products : ubuntu_linux apport
    • EPSS Score: %0.03
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292212 Results