Latest CVE Feed
-
4.3
MEDIUMCVE-2016-8912
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.... Read more
Affected Products : kenexa_lms_on_cloud- EPSS Score: %0.16
- Published: Feb. 01, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-6915
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.... Read more
Affected Products : bigtree_cms- EPSS Score: %0.12
- Published: Mar. 15, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-6812
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).... Read more
Affected Products : mangoswebv4- EPSS Score: %0.22
- Published: Mar. 11, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2014-3150
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.... Read more
- EPSS Score: %0.62
- Published: Nov. 15, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-6661
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us... Read more
- EPSS Score: %0.30
- Published: Jun. 13, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2014-2903
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.... Read more
Affected Products : wolfssl- EPSS Score: %0.21
- Published: Oct. 06, 2017
- Modified: Apr. 20, 2025
-
5.8
MEDIUMCVE-2017-6620
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation... Read more
- EPSS Score: %0.16
- Published: May. 03, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6551
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.... Read more
Affected Products : pexip_infinity- EPSS Score: %1.76
- Published: May. 02, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-6541
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker c... Read more
Affected Products : webpagetest- EPSS Score: %0.22
- Published: Mar. 08, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-7666
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.... Read more
Affected Products : openmeetings- EPSS Score: %0.17
- Published: Jul. 17, 2017
- Modified: Apr. 20, 2025
-
4.6
MEDIUMCVE-2017-7305
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definiti... Read more
Affected Products : rios- EPSS Score: %0.05
- Published: Apr. 04, 2017
- Modified: Apr. 20, 2025
-
4.7
MEDIUMCVE-2016-8475
An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Produc... Read more
- EPSS Score: %0.23
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2016-8457
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more
- EPSS Score: %0.19
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2016-8448
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi... Read more
Affected Products : android- EPSS Score: %0.04
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-6479
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).... Read more
Affected Products : fenix-open-source- EPSS Score: %0.30
- Published: Mar. 05, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2016-8386
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signe... Read more
Affected Products : argus- EPSS Score: %0.95
- Published: Feb. 27, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-6356
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.... Read more
Affected Products : terminal_services_agent- EPSS Score: %0.12
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2016-8319
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows una... Read more
Affected Products : flexcube_investor_servicing- EPSS Score: %0.51
- Published: Jan. 27, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6276
NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as hi... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Dec. 06, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2016-8271
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL.... Read more
- EPSS Score: %0.11
- Published: Apr. 02, 2017
- Modified: Apr. 20, 2025