Skip to main content
CVE-2016-5648 MEDIUM POC This Month

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Acer Portal
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2017-9516 MEDIUM POC PATCH This Month

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.8%
CVE-2016-3095 MEDIUM POC PATCH This Month

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Fedora Pulp
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-1588 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-2255 MEDIUM This Month

Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Huawei Ar1220 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-1179 MEDIUM PATCH This Month

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9310 MEDIUM PATCH This Month

QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2017-9330 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2017-9520 MEDIUM PATCH This Month

The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3111 MEDIUM PATCH This Month

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-3107 MEDIUM PATCH This Month

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Pulp
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1140 MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9736 MEDIUM PATCH This Month

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2014-4843 MEDIUM This Month

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2253 MEDIUM This Month

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2014-6031 MEDIUM This Month

Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +11
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2016-8987 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy