Skip to main content
CVE-2017-7204 MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Imdbphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7203 MEDIUM POC This Month

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7205 MEDIUM POC This Month

A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gamepanelx V3
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7202 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims7 Cendana
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7214 CRITICAL PATCH Act Now

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nova
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2014-9939 CRITICAL PATCH Act Now

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Intel Binutils
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-4504 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Weblog
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6650 HIGH This Week

EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-3849 HIGH This Week

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-7208 HIGH This Week

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libav
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2017-7206 HIGH This Week

The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libav
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2017-6186 MEDIUM This Month

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Antivirus Plus Internet Security Total Security
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-5565 MEDIUM This Month

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus Internet Security Maximum Security +1
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6417 MEDIUM This Month

Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Free Security Suite Internet Security Suite Optimization Suite Total Security Suite
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-5567 MEDIUM This Month

Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Free Antivirus Internet Security Premier Pro Antivirus
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-5566 MEDIUM This Month

Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Anti Virus Internet Security Ultimate
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-7215 MEDIUM PATCH This Month

Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-3850 MEDIUM This Month

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-7200 MEDIUM PATCH This Month

An SSRF issue was discovered in OpenStack Glance before Newton. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glance
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-7207 MEDIUM PATCH This Month

The mem_get_bits_rectangle function in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7210 MEDIUM PATCH This Month

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7209 MEDIUM PATCH This Month

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy