Skip to main content
CVE-2014-8889 MEDIUM This Month

Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Dropbox Sdk
NVD
CVSS 3.0
5.3
EPSS
8.3%
CVE-2017-14741 MEDIUM PATCH This Month

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-7971 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7970 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14744 MEDIUM This Month

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ueditor
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14751 MEDIUM This Month

The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Jobs
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7391 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Testlink
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0874 MEDIUM This Month

Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Smart Passbook
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-7972 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1000252 MEDIUM PATCH This Month

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9959 MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-14737 MEDIUM This Month

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Botan Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-1531 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1530 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1425 MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14748 MEDIUM This Month

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Overwatch
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-9960 MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-3248 MEDIUM This Month

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Openhpi
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2015-5069 MEDIUM PATCH This Month

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Battle For Wesnoth Fedora
NVD GitHub
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy