Skip to main content
CVE-2017-9697 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9092 MEDIUM PATCH This Month

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libjpeg Turbo Fedora Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2017-1538 MEDIUM This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-15217 MEDIUM PATCH This Month

ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-14614 MEDIUM This Month

Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gridgain
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12623 MEDIUM PATCH This Month

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Apache Nifi
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-10514 MEDIUM PATCH This Month

url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Piwigo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-15218 MEDIUM PATCH This Month

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-6918 MEDIUM PATCH This Month

salt before 2015.5.5 leaks git usernames and passwords to the log. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Salt 2015
NVD GitHub
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-10513 MEDIUM PATCH This Month

Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1503 MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15216 MEDIUM This Month

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Misp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-7778 MEDIUM This Month

Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Gournavi
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2017-11063 MEDIUM This Month

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Mozilla +1
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-15038 MEDIUM PATCH This Month

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to. Rated medium severity (CVSS 5.6).

Race Condition Information Disclosure Qemu
NVD
CVSS 3.0
5.6
EPSS
0.0%
CVE-2017-15225 MEDIUM PATCH This Month

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-13721 MEDIUM This Month

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation X Server Debian Linux
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-13675 MEDIUM This Month

A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Endpoint Encryption
NVD
CVSS 3.0
4.2
EPSS
0.5%
CVE-2017-13679 MEDIUM This Month

A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Encryption Desktop
NVD
CVSS 3.0
4.2
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy