Skip to main content
CVE-2017-10709 MEDIUM This Month

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-6030 MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-8443 MEDIUM This Month

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-2298 MEDIUM PATCH This Month

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mcollective Sshkey Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-6036 MEDIUM This Month

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10669 MEDIUM This Month

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Osci Transport Library
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6018 MEDIUM This Month

An open redirect issue was discovered in B. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Station Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-10668 MEDIUM This Month

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Osci Transport Library
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-10674 MEDIUM This Month

Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Antivirus Engine
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-9102 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Photo Station
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-9105 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-9103 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Note Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-9104 MEDIUM This Month

Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Audio Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6040 MEDIUM This Month

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-6032 MEDIUM This Month

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modbus Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy