Skip to main content
CVE-2016-5715 MEDIUM POC This Month

Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Puppet Enterprise
NVD VulDB
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-3150 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Clickshare Csc 1 Firmware Clickshare Cse 200 Firmware
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5737 MEDIUM PATCH This Month

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Puppet Gerrit
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6501 MEDIUM This Month

Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Puppet Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10027 MEDIUM PATCH This Month

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Smack Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-0393 MEDIUM PATCH This Month

A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-8463 MEDIUM PATCH This Month

A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8400 MEDIUM This Month

An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8460 MEDIUM This Month

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-8397 MEDIUM This Month

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0391 MEDIUM PATCH This Month

A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0392 MEDIUM PATCH This Month

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0390 MEDIUM PATCH This Month

A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0400 MEDIUM PATCH This Month

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6767 MEDIUM This Month

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6766 MEDIUM This Month

A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6765 MEDIUM This Month

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6764 MEDIUM This Month

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0402 MEDIUM PATCH This Month

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0401 MEDIUM PATCH This Month

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0399 MEDIUM PATCH This Month

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0397 MEDIUM PATCH This Month

An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0396 MEDIUM PATCH This Month

An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8396 MEDIUM This Month

An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mediatek Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6773 MEDIUM This Month

An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8462 MEDIUM PATCH This Month

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8461 MEDIUM This Month

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6763 MEDIUM This Month

A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0395 MEDIUM This Month

An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0388 MEDIUM This Month

An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8605 MEDIUM PATCH This Month

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fedora Guile
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-6771 MEDIUM This Month

An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2016-8405 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2016-8475 MEDIUM This Month

An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8474 MEDIUM This Month

An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8473 MEDIUM This Month

An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8469 MEDIUM This Month

An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-6757 MEDIUM This Month

An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-6756 MEDIUM This Month

An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8410 MEDIUM This Month

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8409 MEDIUM This Month

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8408 MEDIUM This Month

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Nvidia Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8395 MEDIUM This Month

A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Nvidia Google Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-8407 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8406 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8404 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8403 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8402 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8401 MEDIUM This Month

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-8472 MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Mediatek Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy