Skip to main content
CVE-2017-1000051 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cryptpad
NVD GitHub
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-8006 MEDIUM This Month

In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Rsa Authentication Manager
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2017-2346 MEDIUM This Month

An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-1000007 MEDIUM PATCH This Month

txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Txaws
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-11353 MEDIUM PATCH This Month

yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Yadm
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-11348 MEDIUM This Month

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Octopus Deploy Octopus Server
NVD GitHub
CVSS 3.0
5.7
EPSS
0.6%
CVE-2017-11328 MEDIUM This Month

Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7685 MEDIUM PATCH This Month

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-9338 MEDIUM This Month

Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Owncloud
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2017-8005 MEDIUM This Month

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Identity Governance And Lifecycle Rsa Identity Management And Governance Rsa Via Lifecycle And Governance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-10604 MEDIUM This Month

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-9339 MEDIUM This Month

A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2017-8000 MEDIUM This Month

In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2017-3742 MEDIUM This Month

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for. Rated medium severity (CVSS 4.8). No vendor patch available.

Google Microsoft Lenovo Information Disclosure Connect2
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2016-4982 MEDIUM This Month

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Authd
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-4984 MEDIUM This Month

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Openldap Servers
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2017-7531 MEDIUM PATCH This Month

In Moodle 3.3, the course overview block reveals activities in hidden courses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy