Skip to main content
CVE-2017-7994 MEDIUM POC This Month

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-4075 MEDIUM POC This Month

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Opera Browser Opera Mini
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-1187 MEDIUM This Month

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Kunai
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2016-1194 MEDIUM This Month

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-7409 MEDIUM This Month

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7992 MEDIUM PATCH This Month

Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Heartland Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4840 MEDIUM This Month

Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Coordinate Plus
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2016-4830 MEDIUM This Month

Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Sushiro
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2016-1186 MEDIUM This Month

Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Kintone
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-1198 MEDIUM This Month

Photopt for Android before 2.0.1 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Photopt
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-4832 MEDIUM This Month

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Waon
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1221 MEDIUM This Month

Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Jetstar
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1210 MEDIUM This Month

The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure 105 Bank
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1519 MEDIUM This Month

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Wave
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-1184 MEDIUM This Month

Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Tokyo Star Bank
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2016-4829 MEDIUM This Month

DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Ppv Play Player
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6519 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openstack Manila
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3702 MEDIUM This Month

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-4841 MEDIUM This Month

Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mailwise
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy