Skip to main content
CVE-2017-11189 MEDIUM POC This Month

unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Unrar Free
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-1285 MEDIUM PATCH This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-7678 MEDIUM PATCH This Month

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apache Spark
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-11195 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1321 MEDIUM PATCH This Month

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-11194 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11180 MEDIUM This Month

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11179 MEDIUM This Month

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8947 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11182 MEDIUM This Month

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-8948 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8946 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6114 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8950 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-11181 MEDIUM This Month

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8953 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy