Skip to main content
CVE-2017-9476 MEDIUM POC THREAT This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.1%.

Cisco Information Disclosure Dpc3939 Firmware Arris Tg1682G Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
16.1%
CVE-2017-11358 MEDIUM POC This Month

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Sound Exchange +1
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.8%
CVE-2017-11359 MEDIUM POC This Month

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.2%
CVE-2017-9477 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11330 MEDIUM POC This Month

The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Divfix
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.5%
CVE-2017-11727 MEDIUM POC This Month

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Manage
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-11332 MEDIUM POC This Month

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.6%
CVE-2017-11333 MEDIUM POC This Month

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libvorbis
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.4%
CVE-2017-9487 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware Dpc3941T Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-11548 MEDIUM POC This Month

The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libao
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
2.3%
CVE-2017-11331 MEDIUM POC This Month

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Vorbis Tools
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.9%
CVE-2017-11115 MEDIUM POC This Month

The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Openexif
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-11119 MEDIUM POC This Month

The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Nosefart
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-11117 MEDIUM POC This Month

The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Openexif
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9480 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9497 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-9496 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-9717 MEDIUM PATCH This Month

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9493 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.2%
CVE-2017-1332 MEDIUM This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1303 MEDIUM PATCH This Month

IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-9475 MEDIUM This Month

Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xfinity Wifi Hotspot
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-1386 MEDIUM This Month

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Authentication Bypass Api Connect Api Management
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-9719 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2017-11551 MEDIUM This Month

The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libid3Tag
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2017-11114 MEDIUM This Month

The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Links
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-11550 MEDIUM This Month

The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libid3Tag
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-11118 MEDIUM This Month

The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openexif
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-11549 MEDIUM This Month

The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Timidity
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-11547 MEDIUM This Month

The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Timidity
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-11546 MEDIUM This Month

The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Timidity
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9498 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware Xfinity Xr11 20 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-9718 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Master Data Management Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9715 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Master Data Management Server
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1496 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9491 MEDIUM This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware Dpc3939B Firmware Dpc3941T Firmware +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-9494 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1370 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-9495 MEDIUM This Month

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mx011Anm Firmware
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy