Skip to main content
CVE-2017-12238 MEDIUM KEV THREAT This Month

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-12232 MEDIUM KEV THREAT This Month

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2015-1027 MEDIUM POC This Month

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Toolkit Xtrabackup
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-14861 MEDIUM POC This Month

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14860 MEDIUM POC This Month

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14863 MEDIUM POC This Month

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14866 MEDIUM POC This Month

There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14858 MEDIUM POC This Month

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14857 MEDIUM POC This Month

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-14864 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-14862 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-14859 MEDIUM POC This Month

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-12239 MEDIUM This Month

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Privilege Escalation Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2017-12222 MEDIUM This Month

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8447 MEDIUM This Month

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass X Pack
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7553 MEDIUM This Month

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mobile Application Platform
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2017-10701 MEDIUM This Month

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Portal
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11479 MEDIUM This Month

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7554 MEDIUM PATCH This Month

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mobile Application Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12228 MEDIUM This Month

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Cisco Information Disclosure iOS +1
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-8444 MEDIUM This Month

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-14865 MEDIUM This Month

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy