Skip to main content
CVE-2016-5059 MEDIUM POC This Month

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-5075 MEDIUM POC This Month

CloudView NMS before 2.10a has XSS via a TELNET login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudview Nms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5073 MEDIUM POC This Month

CloudView NMS before 2.10a has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudview Nms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6035 MEDIUM POC This Month

Opsview before 2015-11-06 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5055 MEDIUM POC This Month

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightify Pro
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4334 MEDIUM POC This Month

Jive before 2016.3.1 has an open redirect from the external-link.jspa page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Jive
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-1517 MEDIUM POC PATCH This Month

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10304 MEDIUM This Month

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Deserialization SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2017-7646 MEDIUM PATCH This Month

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-6021 MEDIUM This Month

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Desktop
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6027 MEDIUM This Month

Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Snmpc
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-5682 MEDIUM POC PATCH This Month

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Swagger Ui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-5078 MEDIUM This Month

Paessler PRTG before 16.2.24.4045 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5077 MEDIUM This Month

Netikus EventSentry before 3.2.1.44 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventsentry
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7275 MEDIUM This Month

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7377 MEDIUM PATCH This Month

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-10310 MEDIUM This Month

Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service SAP Sql Anywhere
NVD
CVSS 3.0
4.9
EPSS
3.5%
CVE-2017-7624 MEDIUM This Month

The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imageworsener
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-7623 MEDIUM This Month

The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Imageworsener
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8276 MEDIUM This Month

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edoc Libraries Eparakstitajs 3
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8275 MEDIUM This Month

LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edoc Libraries Eparakstitajs 3
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-7616 MEDIUM PATCH This Month

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5642 MEDIUM This Month

Opmantek NMIS before 8.5.12G has XSS via SNMP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Management Information System
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-2883 MEDIUM This Month

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP In Sight B120 37
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4317 MEDIUM This Month

Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-7345 MEDIUM This Month

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-4318 MEDIUM This Month

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2016-4320 MEDIUM This Month

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Atlassian Bitbucket
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy