Skip to main content
CVE-2017-5868 MEDIUM POC This Month

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Openvpn Access Server
NVD
CVSS 3.0
6.1
EPSS
8.5%
CVE-2017-9239 MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Exiv2 Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-8537 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8536 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8535 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-9037 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2017-9032 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2017-8542 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-8539 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-5646 MEDIUM PATCH This Month

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Apache Knox
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2017-1325 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1291 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1292 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-0269 MEDIUM PATCH This Month

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Contao Cms
NVD
CVSS 3.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy