Skip to main content
CVE-2017-4971 MEDIUM PATCH This Month

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 75.4%.

Java Information Disclosure Spring Web Flow
NVD
CVSS 3.0
5.9
EPSS
75.4%
CVE-2017-1099 MEDIUM This Month

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 35.5% and no vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
35.5%
CVE-2017-4974 MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-6655 MEDIUM This Month

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Mds 9000 Nx Os Nx Os For Nexus 5500 Platform Switches +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-8219 MEDIUM This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Capi Release Cf Release
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-6673 MEDIUM This Month

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6691 MEDIUM This Month

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6697 MEDIUM This Month

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-4965 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2017-4967 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-6661 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Content Security Management Appliance Email Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6670 MEDIUM This Month

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6675 MEDIUM This Month

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Industrial Network Director
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6656 MEDIUM This Month

A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Series
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2017-6666 MEDIUM This Month

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2017-4970 MEDIUM This Month

An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cf Release Staticfile Buildpack
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-8242 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-10332 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8239 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9605 MEDIUM PATCH This Month

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10337 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10336 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10335 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10334 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10333 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-9024 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-9021 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6696 MEDIUM This Month

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6695 MEDIUM This Month

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Platform
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8235 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7366 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6694 MEDIUM This Month

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Platform
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6693 MEDIUM This Month

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Elastic Elastic Services Controller
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3696 MEDIUM This Month

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fedora Pulp
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1104 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1102 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1101 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1100 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9973 MEDIUM This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-6668 MEDIUM This Month

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-6690 MEDIUM This Month

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asr 5000 Software
NVD
CVSS 3.0
4.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy