Skip to main content
CVE-2017-5973 MEDIUM PATCH This Month

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-9922 MEDIUM PATCH This Month

The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-6459 MEDIUM This Month

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Ntp
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8310 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Cherrymusic
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9737 MEDIUM PATCH This Month

IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tririga Application Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6056 MEDIUM PATCH This Month

IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Call Center For Commerce
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-5238 MEDIUM This Month

Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ev 07S Gps Tracker Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1143 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-6102 LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
3.7
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy