Skip to main content
CVE-2015-1547 MEDIUM POC This Month

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libtiff
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2016-2191 MEDIUM POC PATCH This Month

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Optipng Ubuntu Linux Debian Linux +2
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2015-8807 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fedora Groupware Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-2228 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Debian Linux Groupware Horde Groupware +1
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-7555 MEDIUM POC This Month

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Giflib Fedora
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-0861 MEDIUM POC PATCH This Month

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Trytond Debian Linux
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-2116 MEDIUM This Month

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Jasper
NVD
CVSS 3.0
5.7
EPSS
7.3%
CVE-2016-2533 MEDIUM PATCH This Month

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Buffer Overflow Pillow Python Imaging +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2015-8784 MEDIUM PATCH This Month

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Libtiff Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2016-0739 MEDIUM This Month

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Enterprise Linux Ubuntu Linux Libssh +2
NVD
CVSS 3.0
5.9
EPSS
4.3%
CVE-2014-9655 MEDIUM This Month

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2016-0775 MEDIUM PATCH This Month

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Pillow Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2015-8553 MEDIUM PATCH This Month

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-0787 MEDIUM PATCH This Month

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Opensuse Libssh2 Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2016-0740 MEDIUM PATCH This Month

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Pillow Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-8606 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Silverstripe
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8682 MEDIUM This Month

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-8551 MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Debian Linux Opensuse +5
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-3686 MEDIUM This Month

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Edge Gateway Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2015-8665 MEDIUM This Month

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libtiff
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8683 MEDIUM This Month

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libtiff Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-1496 MEDIUM This Month

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2058 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Debian Linux Xymon
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8552 MEDIUM This Month

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Ubuntu Linux Debian Linux Suse Linux Enterprise Debuginfo +1
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-0757 MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Image Registry And Delivery Service Glance
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2014-6276 MEDIUM PATCH This Month

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Roundup Debian Linux
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy