Skip to main content
CVE-2017-3735 MEDIUM PATCH This Month

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.5%.

Buffer Overflow OpenSSL Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
36.5%
CVE-2017-9978 MEDIUM POC THREAT This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Information Disclosure Quantastor
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
16.4%
CVE-2017-12952 MEDIUM POC This Month

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.7%
CVE-2017-12950 MEDIUM POC This Month

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
4.4%
CVE-2017-12954 MEDIUM POC This Month

The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2017-12953 MEDIUM POC This Month

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2017-12951 MEDIUM POC This Month

The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2017-9979 MEDIUM POC This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quantastor
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2014-8753 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cit E Access
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-1177 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Exponent Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-9514 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Footprints Service Core
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0210 MEDIUM POC This Month

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wpa Supplicant
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-12877 MEDIUM PATCH This Month

Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2014-8163 MEDIUM This Month

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Satellite
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12919 MEDIUM This Month

Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12923 MEDIUM This Month

OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12922 MEDIUM This Month

wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12921 MEDIUM This Month

PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12920 MEDIUM This Month

CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12925 MEDIUM This Month

Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12924 MEDIUM This Month

CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12876 MEDIUM PATCH This Month

Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2015-2046 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mantisbt
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2014-9557 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartcms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2014-9469 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vbulletin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-4925 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Good For Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-0141 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Satellite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2013-7430 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Googlemaps
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-0101 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-8168 MEDIUM This Month

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Satellite
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2017-13716 MEDIUM PATCH This Month

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-3976 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multilink Ml810 Firmware Multilink Ml3000 Firmware Multilink Ml3100 Firmware Multilink Ml800 Firmware +3
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-12077 MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Synology Router Manager
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2017-12076 MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Synology Diskstation Manager
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2015-0233 MEDIUM This Month

Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 389 Administration Server
NVD
CVSS 3.0
4.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy