Skip to main content
CVE-2017-15361 MEDIUM PATCH This Month

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 -. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 73.4%.

Google Information Disclosure Trusted Platform Firmware Rsa Library Chrome
NVD GitHub
CVSS 3.0
5.9
EPSS
73.4%
CVE-2017-15374 MEDIUM POC This Month

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2014-8087 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Post Highlights
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15384 MEDIUM POC This Month

rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rate Me
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15375 MEDIUM POC This Month

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpjobboard
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15372 MEDIUM POC This Month

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-15370 MEDIUM POC This Month

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15371 MEDIUM POC This Month

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-0208 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8734 MEDIUM This Month

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.9% and no vendor patch available.

Denial Of Service Apache Subversion Debian Linux
NVD
CVSS 3.0
6.5
EPSS
12.9%
CVE-2017-15362 MEDIUM This Month

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE CSRF PHP Osticket
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15294 MEDIUM This Month

The Java administration console in SAP CRM has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Java Customer Relationship Management
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-0029 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Subscription Asset Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-3229 MEDIUM PATCH This Month

fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Spin Kickstarts
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2017-15289 MEDIUM PATCH This Month

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Qemu
NVD
CVSS 3.1
6.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy