Skip to main content
CVE-2017-1000250 MEDIUM POC THREAT This Month

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

Information Disclosure Bluez
NVD
CVSS 3.0
6.5
EPSS
34.3%
CVE-2017-3132 MEDIUM POC This Month

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fortinet Fortios
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
8.8%
CVE-2017-3133 MEDIUM POC This Month

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fortinet Fortios
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
8.7%
CVE-2017-3131 MEDIUM POC THREAT This Month

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

XSS Fortinet Fortios
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
11.5%
CVE-2017-14325 MEDIUM POC This Month

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-14400 MEDIUM POC This Month

In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-14343 MEDIUM POC This Month

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14326 MEDIUM POC This Month

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14324 MEDIUM POC This Month

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14341 MEDIUM POC PATCH This Month

ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-14342 MEDIUM POC This Month

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14347 MEDIUM POC This Month

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8918 MEDIUM POC This Month

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Dive Assistant
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.7%
CVE-2015-9230 MEDIUM POC This Month

In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bulletproof Security
NVD GitHub
CVSS 3.1
4.8
EPSS
1.2%
CVE-2015-9229 MEDIUM POC This Month

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nextgen Gallery
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2017-1439 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-1438 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-14314 MEDIUM PATCH This Month

Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-14318 MEDIUM PATCH This Month

An issue was discovered in Xen 4.5.x through 4.9.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14313 MEDIUM PATCH This Month

The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Shibboleth
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-1519 MEDIUM PATCH This Month

IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Db2 Db2 Connect
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2017-14317 MEDIUM PATCH This Month

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. Rated medium severity (CVSS 5.6).

Denial Of Service Race Condition Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2017-1352 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Maximo Asset Management
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7735 MEDIUM This Month

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-7734 MEDIUM This Month

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2014-9634 MEDIUM PATCH This Month

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Jenkins Information Disclosure
NVD GitHub
CVSS 3.0
5.3
EPSS
0.7%
CVE-2014-9635 MEDIUM PATCH This Month

Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Jenkins Information Disclosure
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-1434 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Db2 Db2 Connect
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy