Skip to main content
CVE-2017-12794 MEDIUM POC PATCH THREAT This Month

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

XSS Python Django
NVD
CVSS 3.0
6.1
EPSS
21.0%
CVE-2017-14173 MEDIUM POC PATCH This Month

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2017-14174 MEDIUM POC PATCH This Month

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-14175 MEDIUM POC PATCH This Month

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-14172 MEDIUM POC PATCH This Month

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-14219 MEDIUM POC This Month

XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wrn 240 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-5060 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anchor Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12906 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-13754 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codemeter
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2015-7672 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Centreon
NVD GitHub
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-6794 MEDIUM This Month

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Meeting Server
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2017-6796 MEDIUM This Month

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12224 MEDIUM This Month

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14171 MEDIUM PATCH This Month

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14170 MEDIUM PATCH This Month

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12225 MEDIUM This Month

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Lan Management Solution
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6792 MEDIUM This Month

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6793 MEDIUM This Month

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12223 MEDIUM This Month

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Cisco Ir800 Integrated Services Router Firmware
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-12416 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-6789 MEDIUM This Month

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1189 MEDIUM This Month

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12212 MEDIUM This Month

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3169 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Askbot
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14195 MEDIUM This Month

The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14194 MEDIUM This Month

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14193 MEDIUM This Month

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14192 MEDIUM This Month

The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-4721 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12220 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-12133 MEDIUM This Month

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Glibc
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-12218 MEDIUM This Month

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-12911 MEDIUM This Month

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12912 MEDIUM This Month

The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12211 MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-12221 MEDIUM This Month

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-1502 MEDIUM This Month

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1098 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12227 MEDIUM This Month

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Emergency Responder
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12217 MEDIUM This Month

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5500 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2015-8079 MEDIUM This Month

qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qtwebkit
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2017-6795 MEDIUM This Month

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Cisco Ios Xe
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2017-12213 MEDIUM This Month

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy