Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-14870

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.... Read more

    Affected Products : android
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-14869

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.... Read more

    Affected Products : android
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14854

    A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14853

    The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid out... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14852

    An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14851

    A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14850

    All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or n... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-14807

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction an... Read more

    Affected Products : studio_onsite susestudio-ui-server
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14806

    A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE... Read more

    Affected Products : studio_onsite susestudio-ui-server
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-14804

    The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.... Read more

    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14803

    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.... Read more

    Affected Products : access_manager netiq_access_manager
    • Published: Jan. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14802

    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.... Read more

    Affected Products : access_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14801

    Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.... Read more

    Affected Products : access_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14800

    A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.... Read more

    Affected Products : access_manager
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14799

    A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.... Read more

    Affected Products : access_manager
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2017-14798

    A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.... Read more

    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14742

    Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.... Read more

    Affected Products : nfsaxe
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-14740

    Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.... Read more

    Affected Products : genixcms
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14728

    An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP ... Read more

    Affected Products : siteomat
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14710

    The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a ... Read more

    Affected Products : shein-fashion_shopping_online
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results