Latest CVE Feed
-
5.3
MEDIUMCVE-2017-9273
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.... Read more
- EPSS Score: %0.24
- Published: Oct. 06, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9245
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.... Read more
Affected Products : news_and_weather- EPSS Score: %1.32
- Published: Jul. 19, 2017
- Modified: Apr. 20, 2025
-
8.0
HIGHCVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands direct... Read more
- EPSS Score: %0.14
- Published: May. 21, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-9135
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible ... Read more
- EPSS Score: %0.37
- Published: May. 21, 2017
- Modified: Apr. 20, 2025
-
4.7
MEDIUMCVE-2017-0650
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process.... Read more
- EPSS Score: %0.23
- Published: Jun. 14, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-9070
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.... Read more
- EPSS Score: %0.22
- Published: May. 18, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.... Read more
- EPSS Score: %0.13
- Published: May. 18, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-0865
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.... Read more
Affected Products : dive_assistant- EPSS Score: %1.74
- Published: Sep. 12, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-8862
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.... Read more
- EPSS Score: %0.34
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-8840
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Add... Read more
Affected Products : b305hw2_firmware 380hw6_firmware 580hw2_firmware 710hw3_firmware 1350hw2_firmware 2500_firmware balance_305 balance_380 balance_580 balance_710 +2 more products- EPSS Score: %3.84
- Published: Jun. 05, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-13984
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.... Read more
Affected Products : bsm_platform_application_performance_management_system_health- EPSS Score: %1.27
- Published: Sep. 30, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-8454
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.... Read more
- EPSS Score: %1.21
- Published: May. 03, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-3630
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML ... Read more
- EPSS Score: %0.71
- Published: Dec. 29, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-7683
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.... Read more
Affected Products : openmeetings- EPSS Score: %0.61
- Published: Jul. 17, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8272
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.... Read more
Affected Products : android- EPSS Score: %0.05
- Published: Aug. 18, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.... Read more
Affected Products : ranger- EPSS Score: %0.32
- Published: Jun. 14, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8192
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege es... Read more
Affected Products : fusionsphere_openstack- EPSS Score: %0.02
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
4.9
MEDIUMCVE-2017-8161
EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass secu... Read more
- EPSS Score: %0.03
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-8077
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more
- EPSS Score: %0.44
- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025