Skip to main content
CVE-2016-6285 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-9039 MEDIUM POC This Month

An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartos
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-6329 MEDIUM This Month

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.0
5.9
EPSS
5.5%
CVE-2016-9413 MEDIUM PATCH This Month

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Merge System Mybb
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-2050 MEDIUM This Month

The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-9962 MEDIUM PATCH This Month

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Docker
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-9409 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9408 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9407 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9406 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9405 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9404 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9421 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8975 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-9419 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mybb
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8976 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Merge System Mybb
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5117 MEDIUM PATCH This Month

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Openntpd
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-3176 MEDIUM PATCH This Month

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 3.0
5.6
EPSS
0.2%
CVE-2016-8696 MEDIUM This Month

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Potrace
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8695 MEDIUM This Month

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Potrace
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8694 MEDIUM This Month

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Potrace
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8697 MEDIUM This Month

The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Potrace
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-8685 MEDIUM This Month

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Potrace
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9260 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9411 MEDIUM PATCH This Month

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Merge System Mybb
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy