Skip to main content
CVE-2017-14620 MEDIUM POC This Month

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smarterstats
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-14939 MEDIUM POC PATCH This Month

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.0%
CVE-2017-13984 MEDIUM This Month

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2017-13985 MEDIUM This Month

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-13987 MEDIUM This Month

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13988 MEDIUM This Month

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-14920 MEDIUM PATCH This Month

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Egroupware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-14352 MEDIUM This Month

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-13986 MEDIUM This Month

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14582 MEDIUM This Month

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Zoho Site24X7 Mobile Network Poller
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-14938 MEDIUM PATCH This Month

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-14933 MEDIUM PATCH This Month

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-14940 MEDIUM PATCH This Month

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14932 MEDIUM PATCH This Month

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14930 MEDIUM PATCH This Month

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14934 MEDIUM PATCH This Month

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-14931 MEDIUM This Month

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Openexif
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14928 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14926 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14927 MEDIUM This Month

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Poppler
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14923 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14922 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14921 MEDIUM PATCH This Month

Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tine 2 0
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-13991 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-13990 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-9794 MEDIUM PATCH This Month

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Geode
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy