Skip to main content
CVE-2016-10404 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12645 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6762 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Jabber Guest
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6761 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Finesse
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6765 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7932 MEDIUM This Month

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite,. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Vybrid Mvf30Nn151Cku26 Firmware Vybrid Mvf30Ns151Cku26 Firmware Vybrid Mvf50Nn151Cmk40 Firmware Vybrid Mvf50Nn151Cmk50 Firmware +26
NVD
CVSS 3.0
6.0
EPSS
0.0%
CVE-2015-3839 MEDIUM This Month

The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-6418 MEDIUM PATCH This Month

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Clamav
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6420 MEDIUM PATCH This Month

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Clamav
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8621 MEDIUM This Month

t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation T Coffee
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6764 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-6769 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Access Control System
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6770 MEDIUM This Month

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Code Injection Cisco Nx Os Nx Os For Nexus 5500 Platform Switches +5
NVD
CVSS 3.1
4.2
EPSS
0.6%
CVE-2015-7561 LOW PATCH Monitor

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Kubernetes Privilege Escalation Openshift
NVD GitHub
CVSS 3.0
3.1
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy