Skip to main content
CVE-2015-3163 MEDIUM POC This Month

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Beaker
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2017-14166 MEDIUM PATCH This Month

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libarchive Debian Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2017-14165 MEDIUM PATCH This Month

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-8316 MEDIUM This Month

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Lightdm
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2015-2943 MEDIUM This Month

Honda Moto LINC 1.6.1 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Moto Linc
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-12476 MEDIUM PATCH This Month

The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12475 MEDIUM PATCH This Month

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12474 MEDIUM PATCH This Month

The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-3162 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Beaker
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2015-7225 MEDIUM PATCH This Month

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Devise Two Factor
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2015-6250 MEDIUM PATCH This Month

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Simple Php Captcha
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-5186 MEDIUM This Month

Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Audit
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-3161 MEDIUM PATCH This Month

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Beaker
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2015-3160 MEDIUM This Month

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Beaker
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy