Skip to main content
CVE-2017-3880 MEDIUM This Month

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-3811 MEDIUM This Month

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cisco Webex Meetings Server
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-0107 MEDIUM PATCH This Month

Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2017-3877 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-0043 MEDIUM PATCH This Month

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2008 Windows Server 2012 +1
NVD
CVSS 3.0
5.3
EPSS
6.0%
CVE-2017-0017 MEDIUM PATCH This Month

The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microsoft Information Disclosure Edge
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2017-0009 MEDIUM PATCH This Month

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

Buffer Overflow Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
10.6%
CVE-2017-0055 MEDIUM PATCH This Month

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-0033 MEDIUM PATCH This Month

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.3%.

Microsoft Information Disclosure Edge Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
10.3%
CVE-2017-0110 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microsoft Exchange Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-3872 MEDIUM This Month

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-6958 MEDIUM PATCH This Month

An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Source Integration
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-3868 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Computing System Director
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-3866 MEDIUM This Month

A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Service Catalog
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-0073 MEDIUM PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.1
4.3
EPSS
9.2%
CVE-2017-0011 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
8.4%
CVE-2017-0012 MEDIUM PATCH This Month

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
8.4%
CVE-2017-0069 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
8.0%
CVE-2017-3870 MEDIUM This Month

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Web Security Appliance
NVD
CVSS 3.0
5.8
EPSS
0.3%
CVE-2017-0007 MEDIUM PATCH This Month

Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2015-4645 MEDIUM This Month

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Squashfs Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9853 MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo Leap Opensuse +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-0076 MEDIUM PATCH This Month

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2017-6961 MEDIUM This Month

An issue was discovered in apng2gif 1.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apng2Gif
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7313 MEDIUM This Month

LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-0098 MEDIUM PATCH This Month

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-0099 MEDIUM PATCH This Month

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-0097 MEDIUM PATCH This Month

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-0074 MEDIUM PATCH This Month

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-0051 MEDIUM PATCH This Month

Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2017-6955 MEDIUM This Month

An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure Invite Anyone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2017-3879 MEDIUM This Month

A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2017-3878 MEDIUM This Month

A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2017-3874 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-3869 MEDIUM This Month

An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Infrastructure
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-3875 MEDIUM This Month

An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-3867 MEDIUM This Month

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-3815 MEDIUM This Month

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Server Software
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0154 MEDIUM PATCH This Month

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Microsoft Code Injection Internet Explorer
NVD
CVSS 3.0
4.4
EPSS
1.0%
CVE-2017-6954 MEDIUM PATCH This Month

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress PHP Privilege Escalation Buddypress
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-3871 MEDIUM This Month

A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Optical
NVD
CVSS 3.0
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy