Skip to main content
CVE-2016-5348 MEDIUM POC PATCH THREAT This Month

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 14.6%.

Qualcomm Google Denial Of Service Android
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
14.6%
CVE-2016-1000148 MEDIUM POC This Month

Reflected XSS in wordpress plugin s3-video v0.983. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress S3 Video
NVD
CVSS 3.0
6.1
EPSS
9.4%
CVE-2016-1000149 MEDIUM POC This Month

Reflected XSS in wordpress plugin simpel-reserveren v3.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simpel Reserveren
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000142 MEDIUM POC This Month

Reflected XSS in wordpress plugin parsi-font v4.2.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Parsi Font
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000137 MEDIUM POC This Month

Reflected XSS in wordpress plugin hero-maps-pro v2.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hero Maps Pro
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000143 MEDIUM POC This Month

Reflected XSS in wordpress plugin photoxhibit v2.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photoxhibit
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000141 MEDIUM POC This Month

Reflected XSS in wordpress plugin page-layout-builder v1.9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Layout Builder
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000140 MEDIUM POC This Month

Reflected XSS in wordpress plugin new-year-firework v1.1.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress New Year Firework
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000138 MEDIUM POC This Month

Reflected XSS in wordpress plugin indexisto v1.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Indexisto
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000136 MEDIUM POC This Month

Reflected XSS in wordpress plugin heat-trackr v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Heat Trackr
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000152 MEDIUM POC This Month

Reflected XSS in wordpress plugin tidio-form v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tidio Form
NVD
CVSS 3.0
6.1
EPSS
6.5%
CVE-2016-1000154 MEDIUM POC This Month

Reflected XSS in wordpress plugin whizz v1.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Whizz
NVD
CVSS 3.0
6.1
EPSS
5.8%
CVE-2016-1000133 MEDIUM POC This Month

Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Forget About Shortcode Buttons
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2016-1000139 MEDIUM POC PATCH This Month

Reflected XSS in wordpress plugin infusionsoft v1.5.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Infusionsoft
NVD
CVSS 3.0
6.1
EPSS
2.9%
CVE-2016-1000128 MEDIUM POC This Month

Reflected XSS in wordpress plugin anti-plagiarism v3.60. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Anti Plagiarism
NVD
CVSS 3.0
6.1
EPSS
2.9%
CVE-2016-1000129 MEDIUM POC This Month

Reflected XSS in wordpress plugin defa-online-image-protector v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Defa Online Image Protector
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2016-1000132 MEDIUM POC PATCH This Month

Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Tooltip Glossary
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2016-1000127 MEDIUM POC This Month

Reflected XSS in wordpress plugin ajax-random-post v2.00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ajax Random Post
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000126 MEDIUM POC This Month

Reflected XSS in wordpress plugin admin-font-editor v1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Font Editor
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000155 MEDIUM POC This Month

Reflected XSS in wordpress plugin wpsolr-search-engine v7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpsolr Search Engine
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000135 MEDIUM POC This Month

Reflected XSS in wordpress plugin hdw-tube v1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hdw Tube
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000134 MEDIUM POC This Month

Reflected XSS in wordpress plugin hdw-tube v1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hdw Tube
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000131 MEDIUM POC This Month

Reflected XSS in wordpress plugin e-search v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Esearch
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000146 MEDIUM POC This Month

Reflected XSS in wordpress plugin pondol-formmail v1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pondol Formmail
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2016-1000153 MEDIUM POC This Month

Reflected XSS in wordpress plugin tidio-gallery v1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tidio Gallery
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2016-1000130 MEDIUM POC This Month

Reflected XSS in wordpress plugin e-search v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress E Search
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2016-1000151 MEDIUM POC This Month

Reflected XSS in wordpress plugin tera-charts v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tera Charts
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000147 MEDIUM POC This Month

Reflected XSS in wordpress plugin recipes-writer v1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Recipes Writer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000145 MEDIUM POC This Month

Reflected XSS in wordpress plugin pondol-carousel v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pondol Carousel
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000150 MEDIUM POC This Month

Reflected XSS in wordpress plugin simplified-content v1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simplified Content
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-1000144 MEDIUM POC This Month

Reflected XSS in wordpress plugin photoxhibit v2.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photoxhibit
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-6689 MEDIUM POC PATCH This Month

Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-3882 MEDIUM PATCH This Month

Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Java Authentication Bypass Android
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-5325 MEDIUM PATCH This Month

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Node.js Node Js Linux Enterprise
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2015-8956 MEDIUM PATCH This Month

The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Android
NVD GitHub
CVSS 3.0
6.1
EPSS
0.0%
CVE-2016-7099 MEDIUM PATCH This Month

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Node.js Node Js Linux Enterprise
NVD GitHub
CVSS 3.0
5.9
EPSS
0.7%
CVE-2016-3920 MEDIUM PATCH This Month

id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8950 MEDIUM PATCH This Month

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Google Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6682 MEDIUM PATCH This Month

drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6681 MEDIUM PATCH This Month

drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6678 MEDIUM This Month

The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6679 MEDIUM PATCH This Month

CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3924 MEDIUM PATCH This Month

services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3918 MEDIUM PATCH This Month

email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Java Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3860 MEDIUM PATCH This Month

sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3908 MEDIUM PATCH This Month

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3902 MEDIUM PATCH This Month

drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3923 MEDIUM PATCH This Month

The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3925 MEDIUM PATCH This Month

server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Java Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6688 MEDIUM PATCH This Month

The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy