Skip to main content
CVE-2017-6339 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.7%
CVE-2017-6975 MEDIUM POC This Month

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Apple Iphone Os
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-6338 MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-2671 MEDIUM POC PATCH This Month

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-7448 MEDIUM POC PATCH This Month

The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6340 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-0886 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Denial Of Service Nextcloud Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2014-9829 MEDIUM PATCH This Month

coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-0883 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-7443 MEDIUM PATCH This Month

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apt Cacher Ng Apt Cacher
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3031 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3015 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-9019 MEDIUM PATCH This Month

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libxslt
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-1180 MEDIUM This Month

The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0330 MEDIUM PATCH This Month

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0328 MEDIUM PATCH This Month

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0888 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2017-0887 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-0885 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-0884 MEDIUM PATCH This Month

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy