Skip to main content
CVE-2017-16685 MEDIUM This Month

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Business Warehouse Universal Data Integration
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-16681 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Business Intelligence Promotion Management Application
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-16679 MEDIUM This Month

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Sap Kernel
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17565 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion. Rated medium severity (CVSS 5.6).

Denial Of Service Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2017-17554 MEDIUM PATCH This Month

A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Aubio
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-16687 MEDIUM This Month

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana Database
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2017-17553 MEDIUM This Month

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Dolphin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-16678 MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Netweaver Knowledge Management Configuration Service Epbc Epbc2 +1
NVD
CVSS 3.0
4.7
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy