Skip to main content
CVE-2017-12285 MEDIUM This Month

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 77.5% and no vendor patch available.

Path Traversal Cisco Prime Network Analysis Module
NVD
CVSS 3.0
5.3
EPSS
77.5%
CVE-2017-15646 MEDIUM POC PATCH This Month

Webmin before 1.860 has XSS with resultant remote code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Command Injection Webmin
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.2%
CVE-2017-15639 MEDIUM POC This Month

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mura Cms
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.2%
CVE-2017-10355 MEDIUM POC PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +28
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
6.3%
CVE-2017-15648 MEDIUM POC This Month

In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Melody
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15612 MEDIUM POC PATCH This Month

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mistune
NVD GitHub
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-10033 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Oracle Webcenter Sites
NVD Exploit-DB
CVSS 3.0
4.0
EPSS
0.6%
CVE-2017-10370 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hospitality Guest Access
NVD
CVSS 3.0
6.9
EPSS
0.3%
CVE-2017-10274 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +26
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2017-10152 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Weblogic Server
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-12301 MEDIUM This Month

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Python Cisco Authentication Bypass Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-10077 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Applications Dba
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-14019 MEDIUM This Month

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Movicon
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-10343 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Hospitality Simphony
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-10344 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Hospitality Simphony
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-10280 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-10384 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Debian Linux +14
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-10276 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-10427 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Retail Xstore Point Of Service
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-10316 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Hospitality Suite8
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-10167 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2012-4379 MEDIUM PATCH This Month

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-10261 MEDIUM PATCH This Month

Vulnerability in the XML Database component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Microsoft Authentication Bypass Information Disclosure Database
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-10379 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Oracle MySQL MariaDB Debian Linux +14
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-10421 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Hospitality Suite8
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-10378 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Debian Linux +14
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-15611 MEDIUM PATCH This Month

In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15610 MEDIUM PATCH This Month

An issue was discovered in Octopus before 3.17.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-10361 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC DRS). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Hospitality Cruise Shipboard Property Management System
NVD
CVSS 3.0
6.4
EPSS
0.3%
CVE-2017-10420 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Hospitality Suite8
NVD
CVSS 3.0
6.4
EPSS
0.3%
CVE-2017-10418 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.4
EPSS
0.2%
CVE-2017-10358 MEDIUM PATCH This Month

Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hyperion Financial Reporting
NVD
CVSS 3.0
6.4
EPSS
0.2%
CVE-2017-10153 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle Communications Webrtc Session Controller
NVD
CVSS 3.0
6.3
EPSS
0.5%
CVE-2017-10393 MEDIUM PATCH This Month

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Glassfish Server
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2017-10385 MEDIUM PATCH This Month

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Glassfish Server
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2017-10163 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2017-10356 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +27
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2017-10351 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.2
EPSS
0.2%
CVE-2017-10315 MEDIUM PATCH This Month

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Ui Framework
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-10302 MEDIUM PATCH This Month

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Ui Framework
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-10397 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Cruise Fleet Management
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10406 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10381 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10368 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Eprocurement
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10327 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10159 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Communications Policy Management
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10158 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10293 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +19
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-10055 MEDIUM PATCH This Month

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Iplanet Web Server
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-12288 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Finesse
NVD
CVSS 3.0
6.1
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy