The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.1%.
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.