Skip to main content
CVE-2017-4905 MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion Fusion Pro Workstation Player +2
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2015-6540 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Intellect Digital Core
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9834 MEDIUM POC This Month

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-9473 MEDIUM POC This Month

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9471 MEDIUM POC This Month

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9470 MEDIUM POC This Month

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9474 MEDIUM POC This Month

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9472 MEDIUM POC This Month

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0254 MEDIUM PATCH This Month

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Cognos Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9500 MEDIUM PATCH This Month

In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2015-8538 MEDIUM This Month

dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-9501 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9499 MEDIUM PATCH This Month

In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-7514 MEDIUM PATCH This Month

OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ironic
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3019 MEDIUM PATCH This Month

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-9310 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Backup To Dropbox
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1178 MEDIUM This Month

IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bigfix Security Compliance Analytics
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-8939 MEDIUM This Month

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8326 MEDIUM PATCH This Month

The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Iptables Parse Module
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5960 MEDIUM This Month

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-4900 MEDIUM PATCH This Month

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Workstation Player Workstation Pro
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6089 MEDIUM PATCH This Month

IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Authentication Bypass Websphere Mq
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1305 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-6959 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Vindula 1.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vindula
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-3295 MEDIUM PATCH This Month

markdown-it before 4.1.0 does not block data: URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Markdown It
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-9710 MEDIUM PATCH This Month

IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cognos Business Intelligence Server
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5959 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-4899 MEDIUM PATCH This Month

VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Workstation Player Workstation Pro
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-3051 MEDIUM PATCH This Month

IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy