Skip to main content
CVE-2017-6443 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmnet Webconfig
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.0%
CVE-2016-7103 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express Business Intelligence Hospitality Cruise Fleet Management +9
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2017-6908 MEDIUM POC PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Concrete5
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5849 MEDIUM POC This Month

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fedora Netpbm
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6430 MEDIUM POC PATCH This Month

The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Ettercap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6435 MEDIUM POC PATCH This Month

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6436 MEDIUM POC PATCH This Month

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6437 MEDIUM POC This Month

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6440 MEDIUM POC This Month

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6439 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6918 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6917 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6916 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6915 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-5583 MEDIUM This Month

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-8896 MEDIUM PATCH This Month

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Linux Desktop Enterprise Linux Eus +4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2017-5578 MEDIUM PATCH This Month

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-5552 MEDIUM PATCH This Month

Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-6414 MEDIUM PATCH This Month

Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Libcacard
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-5525 MEDIUM PATCH This Month

Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-6505 MEDIUM PATCH This Month

The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-5937 MEDIUM PATCH This Month

The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-5526 MEDIUM PATCH This Month

Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-6386 MEDIUM PATCH This Month

Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-5579 MEDIUM PATCH This Month

Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-5993 MEDIUM PATCH This Month

Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6210 MEDIUM PATCH This Month

The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6209 MEDIUM PATCH This Month

Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-10163 MEDIUM PATCH This Month

Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6317 MEDIUM PATCH This Month

Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-5938 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Debian Linux Leap Viewvc
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-6905 MEDIUM PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Concrete5
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6909 MEDIUM PATCH This Month

An issue was discovered in Shimmie <= 2.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Shimmie
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6907 MEDIUM PATCH This Month

An issue was discovered in Open.GL before 2017-03-13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Open Gl
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6906 MEDIUM This Month

An issue was discovered in SiberianCMS before 4.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Siberiancms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10155 MEDIUM PATCH This Month

Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-10167 MEDIUM PATCH This Month

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Libgd
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2017-6851 MEDIUM PATCH This Month

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Jasper
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6906 MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Libgd
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6847 MEDIUM This Month

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6848 MEDIUM This Month

The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6846 MEDIUM This Month

The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6842 MEDIUM This Month

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6841 MEDIUM This Month

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6840 MEDIUM This Month

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6845 MEDIUM This Month

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6849 MEDIUM This Month

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8897 MEDIUM PATCH This Month

The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6850 MEDIUM PATCH This Month

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8894 MEDIUM PATCH This Month

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy