Skip to main content
CVE-2017-6792 MEDIUM This Month

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6793 MEDIUM This Month

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12223 MEDIUM This Month

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Cisco Ir800 Integrated Services Router Firmware
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-12416 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-6789 MEDIUM This Month

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1189 MEDIUM This Month

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12212 MEDIUM This Month

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3169 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Askbot
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14195 MEDIUM This Month

The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14194 MEDIUM This Month

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14193 MEDIUM This Month

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14192 MEDIUM This Month

The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-4721 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12220 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-12133 MEDIUM This Month

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Glibc
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-12218 MEDIUM This Month

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-12911 MEDIUM This Month

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12912 MEDIUM This Month

The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12211 MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-12221 MEDIUM This Month

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-1502 MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1098 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12227 MEDIUM This Month

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Emergency Responder
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12217 MEDIUM This Month

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5500 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2015-8079 MEDIUM This Month

qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qtwebkit
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2017-6795 MEDIUM This Month

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Cisco Ios Xe
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2017-12213 MEDIUM This Month

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy