Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.1%.
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 32.2% and no vendor patch available.
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid. Rated medium severity (CVSS 5.4). No vendor patch available.
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.