Skip to main content
CVE-2017-7282 MEDIUM POC This Month

An issue was discovered in Unitrends Enterprise Backup before 9.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
5.5
EPSS
7.5%
CVE-2017-7938 MEDIUM POC This Month

Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Dmitry Deepmagic Information Gathering Tool
NVD GitHub Exploit-DB
CVSS 3.1
6.6
EPSS
1.9%
CVE-2015-8959 MEDIUM POC PATCH This Month

coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2016-6338 MEDIUM POC This Month

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Enterprise Virtualization
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-8958 MEDIUM POC PATCH This Month

coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2015-8957 MEDIUM POC PATCH This Month

Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-2806 MEDIUM POC This Month

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Perceptive Document Filters
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-7526 MEDIUM PATCH This Month

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2016-7530 MEDIUM PATCH This Month

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2016-7521 MEDIUM PATCH This Month

Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2016-7538 MEDIUM PATCH This Month

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2016-7536 MEDIUM PATCH This Month

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2016-7514 MEDIUM PATCH This Month

The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2016-7532 MEDIUM PATCH This Month

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7540 MEDIUM PATCH This Month

coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-7525 MEDIUM PATCH This Month

Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-7520 MEDIUM PATCH This Month

Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-4843 MEDIUM This Month

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailwise
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7527 MEDIUM PATCH This Month

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2016-7535 MEDIUM PATCH This Month

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2016-7534 MEDIUM PATCH This Month

The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2016-7518 MEDIUM PATCH This Month

The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-7517 MEDIUM PATCH This Month

The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-7516 MEDIUM PATCH This Month

The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-7513 MEDIUM PATCH This Month

Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-5010 MEDIUM PATCH This Month

coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-4969 MEDIUM This Month

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Release
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-3729 MEDIUM PATCH This Month

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6614 MEDIUM This Month

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Findit Network Probe
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6336 MEDIUM PATCH This Month

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6615 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2016-4849 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Geeklog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-4847 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Web Ui
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-5761 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Groupwise
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-5760 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Groupwise
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1213 MEDIUM This Month

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Garoon
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1214 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1217 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1216 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1215 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6333 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mediawiki
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5183 MEDIUM This Month

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6334 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mediawiki
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6611 MEDIUM This Month

A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6347 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Resteasy
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-4818 MEDIUM This Month

DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Dmmfx Demo Trade Dmmfx Trade Gaitamejapan Fx Trade
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-6613 MEDIUM This Month

A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Network Registrar
NVD
CVSS 3.0
5.8
EPSS
0.3%
CVE-2017-7982 MEDIUM This Month

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7718 MEDIUM PATCH This Month

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-6341 MEDIUM PATCH This Month

oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ovirt
NVD
CVSS 3.0
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy