Skip to main content
CVE-2017-12138 MEDIUM POC THREAT This Month

XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Open Redirect PHP Xoops
NVD GitHub
CVSS 3.0
6.1
EPSS
12.4%
CVE-2017-7890 MEDIUM PATCH This Month

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

PHP Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
30.2%
CVE-2017-11356 MEDIUM POC This Month

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.0%
CVE-2017-11355 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.8%
CVE-2017-9244 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Trello
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-2690 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Addons Module
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-9770 MEDIUM POC This Month

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Razer Synapse
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2282 MEDIUM This Month

Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wn Ax1167Gr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-12140 MEDIUM PATCH This Month

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7845 MEDIUM This Month

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Gigacc Office
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2012-5030 MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco iOS
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12145 MEDIUM PATCH This Month

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libquicktime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12143 MEDIUM PATCH This Month

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libquicktime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-0194 MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11437 MEDIUM This Month

GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-11438 MEDIUM This Month

GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-9467 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-9459 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-2284 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Popup Maker
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-2285 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Simple Custom Css And Js
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-12200 MEDIUM This Month

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Product Catalog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12139 MEDIUM This Month

XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xoops
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2278 MEDIUM This Month

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Rbb Speed Test
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-3642 MEDIUM This Month

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Oracle Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-5203 MEDIUM This Month

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Leap Opensuse Jasper
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2017-12144 MEDIUM This Month

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-7844 MEDIUM This Month

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection Gigacc Office
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12141 MEDIUM PATCH This Month

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12142 MEDIUM This Month

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-10806 MEDIUM PATCH This Month

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-1495 MEDIUM This Month

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow IBM Infosphere Information Server
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-11334 MEDIUM PATCH This Month

The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy