Skip to main content
CVE-2016-3619 MEDIUM POC This Month

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-3622 MEDIUM POC This Month

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-1372 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Clamav Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-1371 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Ubuntu Linux Clamav
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6905 MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libgd Leap +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-8280 MEDIUM This Month

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Huawei Esight
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2016-7046 MEDIUM PATCH This Month

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Red Hat Denial Of Service Jboss Enterprise Application Platform
NVD
CVSS 3.0
5.9
EPSS
4.1%
CVE-2016-3625 MEDIUM This Month

tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8277 MEDIUM This Month

Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9520 Usg9560 Usg9580
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-7571 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Drupal
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-6494 MEDIUM PATCH This Month

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure MongoDB Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5398 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8085 MEDIUM This Month

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei S9300 Firmware S12700 Firmware Quidway S9300 Firmware +4
NVD
CVSS 3.0
4.9
EPSS
0.0%
CVE-2015-8086 MEDIUM This Month

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Quidway S5300 Firmware Quidway S9300 Firmware S5700 Firmware +4
NVD
CVSS 3.0
4.9
EPSS
0.0%
CVE-2016-7442 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-7397 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-7570 MEDIUM PATCH This Month

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-7572 MEDIUM PATCH This Month

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy