Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2017-2708

    The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authenticat... Read more

    Affected Products : nice_firmware nice
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-12674

    In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2697

    The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C1... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2716

    The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter t... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-2707

    Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-2711

    P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to... Read more

    Affected Products : p9_plus_firmware p9_plus
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12434

    In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.... Read more

    Affected Products : imagemagick
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2698

    The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given param... Read more

    Affected Products : p8_firmware p8
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-12330

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker cou... Read more

    Affected Products : nx-os nx-os
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1228

    IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensi... Read more

    Affected Products : bigfix_platform
    • Published: Oct. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2699

    The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs contai... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12235

    A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (Do... Read more

    • Actively Exploited
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-12230

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users ... Read more

    Affected Products : ios_xe
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7538

    coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-7542

    A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may t... Read more

    Affected Products : fortios
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2414

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail... Read more

    Affected Products : iphone_os
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2449

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a cr... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2457

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption... Read more

    Affected Products : iphone_os safari
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7599

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to byp... Read more

    Affected Products : itunes iphone_os safari icloud
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-7609

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294701 Results