Skip to main content
CVE-2015-7566 MEDIUM POC This Month

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Real Time Extension +2
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.5%
CVE-2016-2268 MEDIUM PATCH This Month

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Dell Secureworks
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-0723 MEDIUM This Month

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-2089 MEDIUM This Month

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jasper
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-7513 MEDIUM PATCH This Month

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-8767 MEDIUM PATCH This Month

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2015-8785 MEDIUM PATCH This Month

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Linux Enterprise Real Time Extension
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2013-4312 MEDIUM PATCH This Month

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2016-2214 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Agile Controller Campus
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-2201 MEDIUM This Month

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Simatic S7 1500 Cpu Firmware
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2016-2048 MEDIUM PATCH This Month

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Authentication Bypass Django
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7550 MEDIUM This Month

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3251 MEDIUM This Month

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2015-2012 MEDIUM This Month

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.0
EPSS
0.0%
CVE-2015-8575 MEDIUM This Month

The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy