Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-17098

    The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php syste... Read more

    Affected Products : gps_tracking_software
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17097

    gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for... Read more

    Affected Products : gps_tracking_software
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17062

    The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege ma... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-17061

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17060

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-17023

    The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the soft... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-17020

    On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) all... Read more

    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16945

    The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.... Read more

    Affected Products : macos arq
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16928

    The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.... Read more

    Affected Products : macos arq
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16924

    Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collection... Read more

    Affected Products : manageengine_desktop_central
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-16922

    In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.... Read more

    Affected Products : streaming_engine
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-16914

    The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-16913

    The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-16912

    The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-16911

    The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16910

    An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.... Read more

    Affected Products : ubuntu_linux libraw
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16909

    An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.... Read more

    Affected Products : ubuntu_linux libraw
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-16905

    The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.... Read more

    Affected Products : android tinycards
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-16900

    Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.... Read more

    Affected Products : i-onenet
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-16890

    SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.... Read more

    Affected Products : swftools
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293611 Results