Skip to main content
CVE-2015-7676 MEDIUM POC This Month

Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moveit Dmz
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2016-2212 MEDIUM POC PATCH This Month

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe PHP Information Disclosure Magento
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-1267 MEDIUM This Month

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before. Rated medium severity (CVSS 6.7). No vendor patch available.

Juniper Race Condition Information Disclosure Junos
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-1273 MEDIUM This Month

Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-3961 MEDIUM PATCH This Month

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Ubuntu Linux Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3144 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Block Class Fedora
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy