Skip to main content
CVE-2017-0785 MEDIUM POC PATCH THREAT This Month

A information disclosure vulnerability in the Android system (bluetooth). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Google Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
13.9%
CVE-2017-1002017 MEDIUM POC This Month

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Gift Certificate Creator
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-1002011 MEDIUM POC This Month

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Image Gallery With Slideshow
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2017-1002024 MEDIUM POC PATCH This Month

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Kind Editor Kindeditor
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-13761 MEDIUM PATCH This Month

The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fastly
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1002100 MEDIUM PATCH This Month

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Kubernetes Information Disclosure
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-0783 MEDIUM PATCH This Month

A information disclosure vulnerability in the Android system (bluetooth). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1002150 MEDIUM PATCH This Month

python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Python CSRF Python Fedora
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1490 MEDIUM PATCH This Month

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-7553 MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux Red Hat Enterprise Linux +2
NVD
CVSS 3.0
4.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy