Skip to main content
CVE-2017-9083 MEDIUM POC This Month

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2015-5241 MEDIUM PATCH This Month

After logging into the portal, the logout jsp page redirects the browser back to the login page after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Apache Juddi
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2017-7907 MEDIUM This Month

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Schneider Electric Wonderware Historian Client
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-9094 MEDIUM PATCH This Month

The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imageworsener
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9093 MEDIUM PATCH This Month

The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imageworsener
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-7475 MEDIUM PATCH This Month

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Cairo
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2017-4978 MEDIUM This Month

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adaptive Authentication On Premise
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9079 MEDIUM PATCH This Month

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. Rated medium severity (CVSS 4.7). This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Dropbear Ssh Debian Linux
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-7937 MEDIUM This Month

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mguard Firmware
NVD
CVSS 3.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy