Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-17767

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.... Read more

    Affected Products : android
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17766

    In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocatio... Read more

    Affected Products : android
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-17765

    In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer ... Read more

    Affected Products : android
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-17764

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculatio... Read more

    Affected Products : android
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-17762

    XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.... Read more

    Affected Products : episerver
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-17751

    Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.... Read more

    Affected Products : soundtouch
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-17750

    Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.... Read more

    Affected Products : soundtouch
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-17749

    Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.... Read more

    Affected Products : soundtouch
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2017-17743

    Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges... Read more

    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-17742

    Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.... Read more

    Affected Products : ruby debian_linux
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17736

    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.... Read more

    Affected Products : kentico kentico_cms
    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17725

    In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnera... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17724

    In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17723

    In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17722

    In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-17708

    Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.... Read more

    Affected Products : pleasant_password_server
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17707

    Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "C... Read more

    Affected Products : pleasant_password_server
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-17703

    Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17691

    Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.... Read more

    Affected Products : homeputer_cl_studio_fur_homematic
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-17689

    The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.... Read more

    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293435 Results