Skip to main content
CVE-2016-1252 MEDIUM POC This Month

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ubuntu Debian Authentication Bypass Advanced Package Tool Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
6.0%
CVE-2017-17431 MEDIUM POC This Month

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Genixcms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-16856 MEDIUM This Month

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Confluence
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-4920 MEDIUM This Month

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service VMware Nsx V Edge
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-14905 MEDIUM PATCH This Month

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-14903 MEDIUM PATCH This Month

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-14018 MEDIUM This Month

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Endo Surgery Generator Gen11 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy