Skip to main content
CVE-2017-17382 MEDIUM POC THREAT This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Citrix Information Disclosure Oracle Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
78.3%
Threat
5.0
CVE-2017-17427 MEDIUM POC THREAT This Month

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 70.5%.

Information Disclosure Alteon Firmware
NVD
CVSS 3.0
5.9
EPSS
70.5%
Threat
4.8
CVE-2017-17569 MEDIUM POC This Month

Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Posty Readymade Classifieds
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17669 MEDIUM POC This Month

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-11305 MEDIUM PATCH This Month

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Flash Player Desktop Runtime Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2017-14380 MEDIUM This Month

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Isilon Onefs
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-15529 MEDIUM This Month

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Norton Family
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2017-1421 MEDIUM This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17664 MEDIUM PATCH This Month

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2017-1558 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17549 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Microsoft Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-1546 MEDIUM This Month

IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-4942 MEDIUM PATCH This Month

VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

VMware Information Disclosure Airwatch Console
NVD
CVSS 3.1
4.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy