Skip to main content
CVE-2017-0882 MEDIUM POC PATCH This Month

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Gitlab Authentication Bypass
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-9459 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud XSS Microsoft Information Disclosure Mozilla +2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-9466 MEDIUM POC PATCH This Month

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-9467 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
1.0%
CVE-2016-9465 MEDIUM POC PATCH This Month

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-9460 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-9468 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9473 MEDIUM POC This Month

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Browser
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2016-9461 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
4.3
EPSS
0.8%
CVE-2016-9462 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-9464 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-8884 MEDIUM PATCH This Month

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-9472 MEDIUM PATCH This Month

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-9454 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9128 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9130 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9126 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9457 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9129 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0881 MEDIUM PATCH This Month

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zulip Server
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy