Skip to main content
CVE-2017-15271 MEDIUM POC THREAT This Month

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.3%.

Denial Of Service Memory Corruption Use After Free Psftpd
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
19.3%
CVE-2017-15270 MEDIUM POC THREAT This Month

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

Information Disclosure Psftpd
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.0%
CVE-2017-11872 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.8%.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
6.5
EPSS
20.8%
CVE-2014-2845 MEDIUM POC This Month

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Cyberduck
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-11834 MEDIUM PATCH This Month

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.3%.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
22.3%
CVE-2017-11830 MEDIUM POC PATCH This Month

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Windows 10 Windows Server Windows Server 2016
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
1.2%
CVE-2017-16821 MEDIUM POC This Month

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Symphony
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2017-11831 MEDIUM POC PATCH This Month

Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows. Rated medium severity (CVSS 4.7). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
3.0%
CVE-2017-11877 MEDIUM PATCH This Month

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 12.0%.

Microsoft Authentication Bypass Excel Excel Viewer Office Compatibility Pack
NVD
CVSS 3.1
5.5
EPSS
12.0%
CVE-2017-11853 MEDIUM PATCH This Month

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
10.0%
CVE-2017-11848 MEDIUM PATCH This Month

Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
12.8%
CVE-2017-11844 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
12.8%
CVE-2017-11803 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
12.8%
CVE-2017-15102 MEDIUM PATCH This Month

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by. Rated medium severity (CVSS 6.3). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD GitHub
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-11863 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-8808 MEDIUM PATCH This Month

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-16833 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Gemirro
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-8811 MEDIUM PATCH This Month

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12738 MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sm 2556 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11835 MEDIUM PATCH This Month

Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2017-11852 MEDIUM PATCH This Month

Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
4.7
EPSS
4.1%
CVE-2017-11849 MEDIUM PATCH This Month

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server,. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
4.1%
CVE-2017-11842 MEDIUM PATCH This Month

Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
4.7
EPSS
4.1%
CVE-2014-0219 MEDIUM PATCH This Month

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Apache Karaf
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8812 MEDIUM PATCH This Month

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Mediawiki Debian Linux
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-5532 MEDIUM This Month

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jasperreports Server Jasperreports Library Jaspersoft Jaspersoft Reporting And Analytics +1
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-11851 MEDIUM PATCH This Month

The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
4.7
EPSS
3.5%
CVE-2017-12737 MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Sm 2556 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-15272 MEDIUM This Month

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Psftpd
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-11880 MEDIUM PATCH This Month

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
1.4%
CVE-2017-11832 MEDIUM PATCH This Month

The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
4.7
EPSS
1.2%
CVE-2017-15269 MEDIUM This Month

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Psftpd
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy