Skip to main content
CVE-2017-0194 MEDIUM PATCH This Month

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 44.2%.

Microsoft Information Disclosure Excel Office Compatibility Pack
NVD
CVSS 3.0
5.5
EPSS
44.2%
CVE-2017-0211 MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
22.3%
CVE-2017-0058 MEDIUM POC PATCH THREAT This Month

A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. Rated medium severity (CVSS 4.7). Public exploit code available and EPSS exploitation probability 16.5%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
16.5%
CVE-2017-0167 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
9.8%
CVE-2015-7562 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-8719 MEDIUM POC This Month

An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Awk 3131A Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-7742 MEDIUM POC PATCH This Month

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7741 MEDIUM POC PATCH This Month

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-0192 MEDIUM PATCH This Month

The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.9%.

Microsoft Adobe Information Disclosure Windows 10 Windows 7 +6
NVD
CVSS 3.0
4.3
EPSS
22.9%
CVE-2017-0207 MEDIUM PATCH This Month

Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7%.

Microsoft Information Disclosure Outlook
NVD
CVSS 3.0
6.5
EPSS
11.7%
CVE-2017-0204 MEDIUM PATCH This Month

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 11.7%.

Microsoft Authentication Bypass Outlook
NVD
CVSS 3.0
5.5
EPSS
11.7%
CVE-2017-0208 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
14.9%
CVE-2017-7700 MEDIUM PATCH This Month

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-4896 MEDIUM This Month

SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Setucocms
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-1178 MEDIUM This Month

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure A Blog Cms
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3125 MEDIUM This Month

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortimail
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-2803 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bugzilla
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-4892 MEDIUM This Month

Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Setucocms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4897 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usermin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1179 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-0191 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.8
EPSS
1.7%
CVE-2016-6348 MEDIUM PATCH This Month

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Resteasy
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-0168 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 8 1 Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
5.8
EPSS
0.9%
CVE-2017-0185 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.8
EPSS
0.6%
CVE-2017-0186 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-0183 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2008 +2
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-0182 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2008 +2
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-0179 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-3053 MEDIUM This Month

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2017-3052 MEDIUM This Month

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2017-3046 MEDIUM This Month

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2017-3045 MEDIUM This Month

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2017-3043 MEDIUM This Month

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Acrobat Dc Acrobat Reader Dc +1
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2017-0195 MEDIUM PATCH This Month

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Excel Web App Office Online Server Office Web Apps +2
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2017-7716 MEDIUM PATCH This Month

The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0169 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. Rated medium severity (CVSS 5.4).

Microsoft Information Disclosure Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-4894 MEDIUM This Month

SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Setucocms
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2017-0164 MEDIUM PATCH This Month

A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
4.4
EPSS
5.4%
CVE-2017-0184 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2008 +2
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-0178 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails. Rated medium severity (CVSS 5.4).

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-0203 MEDIUM PATCH This Month

A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.3
EPSS
4.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy