Skip to main content
CVE-2017-12800 MEDIUM POC This Month

The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12781 MEDIUM POC This Month

The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12802 MEDIUM POC This Month

The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12801 MEDIUM POC This Month

The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12780 MEDIUM POC This Month

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Libebml2 Mkclean +1
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12783 MEDIUM POC This Month

The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-12782 MEDIUM POC This Month

The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libebml2 Mkclean Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-16765 MEDIUM POC This Month

XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dwr 933 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-16784 MEDIUM POC This Month

In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-16785 MEDIUM POC This Month

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-16568 MEDIUM POC This Month

Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Authentication Bypass Media Server
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2017-16781 MEDIUM POC This Month

The installer in MyBB before 1.8.13 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mybb
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-16567 MEDIUM POC This Month

Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Information Disclosure Media Server
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2017-12803 MEDIUM This Month

The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mkclean
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12779 MEDIUM This Month

The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mkvalidator
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-15638 MEDIUM This Month

The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Susefirewall2
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16782 MEDIUM PATCH This Month

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Home Assistant
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16761 MEDIUM This Month

An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Buildmaster
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16760 MEDIUM This Month

Inedo BuildMaster before 5.8.2 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Buildmaster
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5201 MEDIUM This Month

NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
5.7
EPSS
0.1%
CVE-2017-16754 MEDIUM PATCH This Month

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

PHP Information Disclosure Bolt
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-11461 MEDIUM This Month

NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Unified Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-16633 MEDIUM PATCH This Month

In Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Joomla
NVD
CVSS 3.0
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy