Skip to main content
CVE-2017-1000026 HIGH PATCH This Week

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mixlib Archive
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-9933 HIGH This Week

Improper cache invalidation in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
7.5
EPSS
0.0%
CVE-2017-8004 HIGH This Week

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rsa Identity Governance And Lifecycle Rsa Identity Management And Governance Rsa Via Lifecycle And Governance
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2015-0249 HIGH This Week

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Apache Roller
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-3080 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2017-1000061 HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure Xmlsec
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
CVE-2017-10603 HIGH This Week

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. Rated high severity (CVSS 7.0). No vendor patch available.

Code Injection Juniper Junos
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-10602 HIGH This Week

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Juniper Junos
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-4996 HIGH This Week

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Satellite
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-1181 HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-3100 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2017-11340 MEDIUM This Month

There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11337 MEDIUM This Month

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11336 MEDIUM This Month

There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11338 MEDIUM This Month

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-3754 MEDIUM This Month

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Bios
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-11352 MEDIUM PATCH This Month

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-8034 MEDIUM This Month

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Capi Release Cf Release Routing Release
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2017-2240 MEDIUM PATCH This Month

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apple Assetview
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-11339 MEDIUM This Month

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-2347 MEDIUM This Month

A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6312 MEDIUM This Month

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Red Hat Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-11360 MEDIUM PATCH This Month

The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-7947 MEDIUM This Month

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1000027 MEDIUM This Month

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Sme Server
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2017-2642 MEDIUM PATCH This Month

Moodle 3.x has user fullname disclosure on the user preferences page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7532 MEDIUM PATCH This Month

In Moodle 3.x, course creators are able to change system default settings for courses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Moodle
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-2241 MEDIUM PATCH This Month

SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Apple SQLi Assetview
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2017-3103 MEDIUM This Month

Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-7663 MEDIUM PATCH This Month

Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Openmeetings
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-1000006 MEDIUM PATCH This Month

Plotly, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plotly Js
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-3102 MEDIUM This Month

Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-1000015 MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-0764 MEDIUM This Month

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Red Hat Information Disclosure Networkmanager
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2016-10398 MEDIUM This Month

Android 6.0 has an authentication bypass for attackers with root and physical access. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2017-9934 MEDIUM This Month

Missing CSRF token checks and improper input validation in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Joomla
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8896 MEDIUM This Month

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Owncloud
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1000065 MEDIUM PATCH This Month

Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Openmediavault
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000059 MEDIUM This Month

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Helper Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000078 MEDIUM This Month

Linux foundation ONOS 1.9 is vulnerable to XSS in the device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onos
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-1000058 MEDIUM This Month

Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chevereto
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000013 MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000063 MEDIUM This Month

kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Kitto
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000054 MEDIUM This Month

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000035 MEDIUM This Month

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tiny Tiny Rss
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000012 MEDIUM This Month

MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mysqldumper
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000011 MEDIUM This Month

MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mywebsql
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000005 MEDIUM This Month

PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Phpminiadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000032 MEDIUM This Month

Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Cacti
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000070 MEDIUM PATCH This Month

The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy