Skip to main content
CVE-2017-14498 MEDIUM POC PATCH This Month

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Silverstripe
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14489 MEDIUM POC PATCH This Month

The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10813 MEDIUM This Month

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wlr 300 Nm Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2017-10814 MEDIUM This Month

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Wlr 300 Nm Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-0110 MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-4925 MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware ESXi Workstation +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14340 MEDIUM PATCH This Month

The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-14483 MEDIUM This Month

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure Dev Python Flower
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-4926 MEDIUM PATCH This Month

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS VMware Vcenter Server
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy