Skip to main content
CVE-2017-7298 MEDIUM POC This Month

In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2686 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-2687 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6846 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Documentconverter Api Office Web Open Xchange Appsuite Backend +1
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8234 MEDIUM PATCH This Month

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Glance
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7299 MEDIUM PATCH This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4976 MEDIUM PATCH This Month

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Ambari
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6864 MEDIUM This Month

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-5900 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nb16Wv 02 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy