Skip to main content
CVE-2015-0904 MEDIUM This Month

The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Restaurant Karaoke
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-5221 MEDIUM PATCH This Month

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-3243 MEDIUM This Month

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rsyslog
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3149 MEDIUM This Month

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3171 MEDIUM PATCH This Month

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2017-11434 MEDIUM PATCH This Month

The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2017-6749 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
5.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy