Skip to main content
CVE-2017-13720 HIGH PATCH This Week

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libxfont
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-15215 MEDIUM PATCH This Month

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Shaarli
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-14372 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14371 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8017 MEDIUM This Month

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smarts Network Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14588 MEDIUM This Month

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15214 MEDIUM PATCH This Month

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Flyspray
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-15213 MEDIUM PATCH This Month

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Flyspray
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8016 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14370 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14587 MEDIUM This Month

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15198 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.7%
CVE-2017-15211 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15208 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15207 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15206 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15204 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15203 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15202 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15201 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15200 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15199 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15197 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15196 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15195 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15209 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15212 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-15210 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-15205 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-14369 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Archer Grc Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy