Skip to main content
CVE-2017-4916 MEDIUM POC PATCH This Month

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Microsoft VMware Workstation Player +1
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.5%
CVE-2017-9147 MEDIUM POC This Month

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.8%
CVE-2017-9140 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Telerik Reporting Sitefinity Cms
NVD
CVSS 3.0
6.1
EPSS
4.8%
CVE-2017-2528 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Safari Iphone Os
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-2510 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Safari Iphone Os
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-2508 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Safari Iphone Os
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-2504 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Safari Iphone Os Tvos
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-2509 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Mac Os X
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.0%
CVE-2017-6982 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple Iphone Os
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2017-9150 MEDIUM POC PATCH This Month

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-2516 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Mac Os X
NVD Exploit-DB
CVSS 3.0
5.0
EPSS
1.9%
CVE-2017-6635 MEDIUM This Month

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Privilege Escalation Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2017-6636 MEDIUM This Month

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2017-9142 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2017-9141 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2017-6637 MEDIUM This Month

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Privilege Escalation Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-9143 MEDIUM PATCH This Month

In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-9144 MEDIUM PATCH This Month

In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2017-2495 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Iphone Os Safari
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-2511 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-2168 MEDIUM This Month

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Booking System
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-2169 MEDIUM This Month

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Maxbuttons
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-2549 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Iphone Os Tvos
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-2174 MEDIUM This Month

Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Empirical Project Monitor Extended
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4903 MEDIUM PATCH This Month

Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Olivecart Olivecartpro
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2497 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apple Iphone Os Mac Os X
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2171 MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha Car Rental Contact Form +48
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6654 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-6988 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-2540 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-2507 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-2502 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6987 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6990 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1320 MEDIUM PATCH This Month

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Federated Identity Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-2173 MEDIUM This Month

Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Empirical Project Monitor Extended
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1282 MEDIUM PATCH This Month

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6630 MEDIUM This Month

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2017-1159 MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-6647 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6646 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6645 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6644 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6643 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6642 MEDIUM This Month

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Expert Manager
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-2500 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-4863 MEDIUM This Month

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Flashair
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-2162 MEDIUM This Month

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flashair
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy