Skip to main content
CVE-2015-8309 MEDIUM POC PATCH This Month

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cherrymusic
NVD GitHub Exploit-DB
CVSS 3.0
4.3
EPSS
6.6%
CVE-2017-6878 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-6463 MEDIUM This Month

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2017-6464 MEDIUM PATCH This Month

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ntp
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2017-7273 MEDIUM PATCH This Month

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-1142 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-8010 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icinga Leap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-7271 MEDIUM PATCH This Month

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Yii
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1120 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6067 MEDIUM This Month

Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symphony
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6003 MEDIUM This Month

dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dotcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8762 MEDIUM PATCH This Month

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Null Pointer Dereference Denial Of Service Freeradius
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-7275 MEDIUM PATCH This Month

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7274 MEDIUM PATCH This Month

The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-7474 MEDIUM This Month

In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5973 MEDIUM PATCH This Month

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-9922 MEDIUM PATCH This Month

The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-6459 MEDIUM This Month

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Ntp
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8310 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Cherrymusic
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9737 MEDIUM PATCH This Month

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6056 MEDIUM PATCH This Month

IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Call Center For Commerce
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-5238 MEDIUM This Month

Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ev 07S Gps Tracker Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1143 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy