Skip to main content
CVE-2017-15277 MEDIUM POC PATCH THREAT This Month

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.3%.

Information Disclosure Graphicsmagick Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
59.3%
Threat
4.6
CVE-2017-15285 HIGH POC This Week

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP X Cart
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2017-15268 HIGH POC PATCH This Week

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Qemu
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-15286 HIGH POC This Week

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sqlite
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-8736 CRITICAL PATCH Act Now

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache RCE Openmeetings
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-15287 MEDIUM POC This Month

There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bouqueteditor
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-15284 MEDIUM POC PATCH This Month

Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2017-15281 HIGH PATCH This Week

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-9514 HIGH This Week

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-10863 HIGH This Week

Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Confidential File Decryption
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10865 HIGH This Week

Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Confidential File Decryption
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10864 HIGH This Week

Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Confidential File Viewer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15290 HIGH This Week

Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Video Management System
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-6358 MEDIUM PATCH This Month

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Cisco Information Disclosure Rv320 Firmware Rv325 Firmware Rvs4000 Firmware +21
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2017-15280 MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

SSRF XXE Umbraco Cms
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12192 MEDIUM PATCH This Month

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15274 MEDIUM PATCH This Month

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15278 MEDIUM PATCH This Month

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-15279 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Umbraco Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12849 MEDIUM PATCH This Month

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Silverstripe
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-10862 MEDIUM This Month

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Scala
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9263 MEDIUM This Month

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Code Injection
NVD
CVSS 3.0
4.7
EPSS
1.2%
CVE-2017-10857 MEDIUM This Month

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Office
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy