Skip to main content
CVE-2017-8387 MEDIUM POC This Month

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stdu Viewer
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10923 MEDIUM This Month

Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-10919 MEDIUM This Month

Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-8420 MEDIUM This Month

SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Swftools
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1258 MEDIUM This Month

IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10911 MEDIUM PATCH This Month

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-1217 MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1256 MEDIUM This Month

IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1207 MEDIUM This Month

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1113 MEDIUM This Month

IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9746 MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9733 MEDIUM This Month

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9701 MEDIUM This Month

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Team Concert Rational Collaborative Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1096 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9989 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9988 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9987 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9986 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1208 MEDIUM This Month

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1157 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-9700 MEDIUM This Month

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy