Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-24 CVE-2017-6099 Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
network
low complexity
paypal CWE-79
6.1
2017-02-24 CVE-2017-6076 Information Exposure vulnerability in Wolfssl
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
local
low complexity
wolfssl CWE-200
5.5
2017-02-24 CVE-2014-9916 Cross-site Scripting vulnerability in Bilboplanet 2.0
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
network
low complexity
bilboplanet CWE-79
6.1
2017-02-23 CVE-2016-10109 Use After Free vulnerability in multiple products
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
network
low complexity
muscle canonical CWE-416
7.5
2017-02-23 CVE-2017-6100 Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
network
low complexity
tcpdf-project CWE-668
7.5
2017-02-23 CVE-2017-6214 Infinite Loop vulnerability in Linux Kernel
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
network
low complexity
linux CWE-835
7.5
2017-02-23 CVE-2016-8974 XXE vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-23 CVE-2016-6055 Cross-site Scripting vulnerability in IBM products
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-23 CVE-2016-5883 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-23 CVE-2017-6206 Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware 1.31.B001
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.
network
low complexity
dlink CWE-200
7.5