Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-06 | CVE-2017-14016 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 6.3 |
| 2017-11-06 | CVE-2017-15306 | NULL Pointer Dereference vulnerability in Linux Kernel The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | 5.5 |
| 2017-11-06 | CVE-2017-7425 | Cross-site Scripting vulnerability in Netiq Imanager 3.0.3.2 Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | 6.1 |
| 2017-11-06 | CVE-2015-7878 | Cross-site Scripting vulnerability in Taxonomy Find Project Taxonomy Find Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | 5.4 |
| 2017-11-06 | CVE-2017-16569 | Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018 An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 4.8 |
| 2017-11-06 | CVE-2017-16564 | Cross-site Scripting vulnerability in Grandstream Ht802 Firmware Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | 5.4 |
| 2017-11-06 | CVE-2017-15039 | Cross-site Scripting vulnerability in Zurmo CRM 3.2.1.57987Acc3018 Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 4.8 |
| 2017-11-04 | CVE-2017-16541 | Information Exposure vulnerability in multiple products Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. | 6.5 |
| 2017-11-04 | CVE-2017-16539 | Information Exposure vulnerability in Mobyproject Moby The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | 5.9 |
| 2017-11-04 | CVE-2017-16538 | Improper Input Validation vulnerability in Linux Kernel drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). | 6.6 |