Skip to main content
CVE-2017-17933 MEDIUM POC This Month

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Surgeftp
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-17971 MEDIUM POC PATCH This Month

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17760 MEDIUM PATCH This Month

OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Opencv Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2017-17910 MEDIUM This Month

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hs5 868 Bs Firmware Hse2 868 Bs Firmware Hse1 868 Bs Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-16876 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mistune Fedora
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3695 MEDIUM PATCH This Month

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-4978 MEDIUM PATCH This Month

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Rawstudio Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2013-4578 MEDIUM PATCH This Month

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy