Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-14881

    While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14880

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the globa... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-14879

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14878

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14877

    While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioct... Read more

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14876

    In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-14875

    In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists.... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-14873

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-14872

    While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-14870

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-14869

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14854

    A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.... Read more

    Affected Products : siteomat
    • EPSS Score: %14.51
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14853

    The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid out... Read more

    Affected Products : siteomat
    • EPSS Score: %2.18
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14852

    An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.... Read more

    Affected Products : siteomat
    • EPSS Score: %0.71
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14851

    A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.... Read more

    Affected Products : siteomat
    • EPSS Score: %5.96
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14850

    All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or n... Read more

    Affected Products : siteomat
    • EPSS Score: %0.53
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-14807

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction an... Read more

    Affected Products : studio_onsite susestudio-ui-server
    • EPSS Score: %0.17
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14806

    A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE... Read more

    Affected Products : studio_onsite susestudio-ui-server
    • EPSS Score: %0.11
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-14804

    The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.... Read more

    • EPSS Score: %0.43
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14803

    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.... Read more

    Affected Products : access_manager netiq_access_manager
    • EPSS Score: %1.46
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292386 Results