Skip to main content
CVE-2016-4314 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.3%.

Path Traversal Carbon
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
23.3%
CVE-2016-4316 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Carbon
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.2%
CVE-2016-5037 MEDIUM POC PATCH This Month

The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5030 MEDIUM POC PATCH This Month

The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5029 MEDIUM POC PATCH This Month

The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5028 MEDIUM POC PATCH This Month

The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5035 MEDIUM POC PATCH This Month

The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5034 MEDIUM POC PATCH This Month

dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5033 MEDIUM POC PATCH This Month

The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5032 MEDIUM POC PATCH This Month

The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-4315 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Carbon
NVD Exploit-DB
CVSS 3.0
5.7
EPSS
2.7%
CVE-2016-5364 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4327 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Enablement Server For Java
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9827 MEDIUM POC This Month

The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libming
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-5031 MEDIUM POC PATCH This Month

The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-9828 MEDIUM POC This Month

The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5998 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snare Epilog
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-6189 MEDIUM POC PATCH This Month

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Sogo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2016-8652 MEDIUM This Month

The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Dovecot
NVD
CVSS 3.0
5.9
EPSS
9.4%
CVE-2017-5007 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
4.2%
CVE-2017-5013 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-5016 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-7510 MEDIUM PATCH This Month

The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-5015 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-5011 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-5014 MEDIUM This Month

Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google Chrome
NVD
CVSS 3.0
6.3
EPSS
0.8%
CVE-2017-5019 MEDIUM This Month

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
6.3
EPSS
0.8%
CVE-2016-9955 MEDIUM PATCH This Month

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

Denial Of Service Simplesamlphp Debian Linux
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2014-9905 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2017-5020 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-5018 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-5010 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-5008 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-5006 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-6191 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-9139 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1249 MEDIUM PATCH This Month

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Denial Of Service Information Disclosure Dbd Mysql
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-9773 MEDIUM PATCH This Month

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-7511 MEDIUM PATCH This Month

Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libdwarf
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-5025 MEDIUM This Month

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google Chrome
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-5024 MEDIUM This Month

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google Chrome
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-7111 MEDIUM PATCH This Month

MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

XSS Mantisbt
NVD GitHub
CVSS 3.0
4.7
EPSS
0.3%
CVE-2017-5021 MEDIUM This Month

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2017-5023 MEDIUM This Month

Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Microsoft Google Chrome
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2017-5017 MEDIUM This Month

Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2017-5026 MEDIUM This Month

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2017-5022 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome
NVD
CVSS 3.0
4.3
EPSS
0.4%
CVE-2016-6190 MEDIUM PATCH This Month

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sogo
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-5027 MEDIUM This Month

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy