Skip to main content
CVE-2016-8581 MEDIUM POC THREAT This Month

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.2%.

XSS Open Source Security Information And Event Management Unified Security Management
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
68.2%
Threat
4.8
CVE-2016-9018 MEDIUM POC This Month

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Realplayer
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.4%
CVE-2016-4394 MEDIUM This Month

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-8871 MEDIUM This Month

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-8889 MEDIUM PATCH This Month

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bitcoin Knots
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-1423 MEDIUM This Month

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-8583 MEDIUM This Month

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Source Security Information And Event Management Unified Security Management
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4393 MEDIUM This Month

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS System Management Homepage
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8579 MEDIUM PATCH This Month

docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Docker2Aci
NVD GitHub
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy