Skip to main content
CVE-2017-15277 MEDIUM POC PATCH THREAT This Month

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.3%.

Information Disclosure Graphicsmagick Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
59.3%
Threat
4.6
CVE-2017-15287 MEDIUM POC This Month

There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bouqueteditor
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-15284 MEDIUM POC PATCH This Month

Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2015-6358 MEDIUM PATCH This Month

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Cisco Information Disclosure Rv320 Firmware Rv325 Firmware Rvs4000 Firmware +21
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2017-15280 MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

SSRF XXE Umbraco Cms
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12192 MEDIUM PATCH This Month

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15274 MEDIUM PATCH This Month

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15278 MEDIUM PATCH This Month

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-15279 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Umbraco Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12849 MEDIUM PATCH This Month

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Silverstripe
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-10862 MEDIUM This Month

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Scala
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9263 MEDIUM This Month

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Code Injection
NVD
CVSS 3.0
4.7
EPSS
1.2%
CVE-2017-10857 MEDIUM This Month

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Office
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy