Skip to main content
CVE-2017-8833 MEDIUM POC This Month

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8830 MEDIUM PATCH This Month

In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-8848 MEDIUM PATCH This Month

Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Allen Disk
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-8831 MEDIUM PATCH This Month

The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2017-8832 MEDIUM PATCH This Month

Allen Disk 1.6 has XSS in the id parameter to downfile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Allen Disk
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8846 MEDIUM PATCH This Month

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2017-8847 MEDIUM PATCH This Month

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8845 MEDIUM PATCH This Month

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8843 MEDIUM PATCH This Month

The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-8842 MEDIUM PATCH This Month

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-0893 MEDIUM This Month

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apple Nextcloud Nextcloud Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-0890 MEDIUM PATCH This Month

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2017-0891 MEDIUM This Month

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-0894 MEDIUM PATCH This Month

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy