Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-13100

    DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.... Read more

    Affected Products : the_moron_test
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13097

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The method... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13096

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13095

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are fla... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13094

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP.... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13093

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13092

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracl... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13091

    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decrypt... Read more

    Affected Products : -
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-13073

    Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : photo_station
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-13072

    Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.... Read more

    Affected Products : qts
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-12945

    Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.... Read more

    Affected Products : solstice_firmware solstice
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-12885

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12884

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.... Read more

    Affected Products : open-xchange_appsuite
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12842

    Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevan... Read more

    Affected Products : bitcoin_core
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2017-12839

    A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.... Read more

    Affected Products : mpg123
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-12815

    Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/... Read more

    Affected Products : remote_support
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12806

    In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12805

    In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-12804

    The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.... Read more

    Affected Products : imageworsener
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12795

    OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).... Read more

    Affected Products : openmrs-module-htmlformentry
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results