Skip to main content
CVE-2017-0712 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android framework (wi-fi service). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0728 HIGH PATCH This Week

A denial of service vulnerability in the Android media framework (hevc decoder). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0727 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libgui). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-6498 HIGH This Week

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Device Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-2312 HIGH This Week

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-2313 HIGH This Week

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capnproto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-7764 HIGH PATCH This Week

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lemur
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-3277 HIGH This Week

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mod Nss
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11506 HIGH This Week

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-12756 HIGH This Week

Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Extplorer
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2015-0783 MEDIUM This Month

The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2014-9701 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-11368 MEDIUM PATCH This Month

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Fedora Kerberos Kerberos 5
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2014-6393 MEDIUM PATCH This Month

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Express
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12777 MEDIUM This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-2674 MEDIUM This Month

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Information Disclosure Restkit
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-5619 MEDIUM This Month

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-0739 MEDIUM PATCH This Month

A information disclosure vulnerability in the Android media framework (libhevc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0738 MEDIUM PATCH This Month

A information disclosure vulnerability in the Android media framework (audioserver). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0735 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0734 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0733 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libmediaplayerservice). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0730 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (h264 decoder). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0726 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libstagefright). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0724 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libmpeg2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0725 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libskia). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0736 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6121 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Strategic Supply Management Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1448 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Strategic Supply Management Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-8949 MEDIUM This Month

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Strategic Supply Management Emptoris Supplier Lifecycle Management
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-2687 MEDIUM PATCH This Month

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. Rated medium severity (CVSS 4.7).

Authentication Bypass Compute
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-5695 MEDIUM This Month

Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C,. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Ssd 540S 2 5 Firmware Ssd 540S Series M 2 Firmware Ssd Pro 5400S 2 5 Firmware +4
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-5694 MEDIUM This Month

Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Ssd Pro 6000P Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-1357 MEDIUM This Month

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy