Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2017-11-02 | CVE-2017-12278 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Wireless LAN Controller Software
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition.
network | high complexity | cisco CWE-772 | 6.3

2017-11-02 | CVE-2017-12274 | Improper Input Validation vulnerability in Cisco products
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.
low complexity | cisco CWE-20 | 6.5

2017-11-02 | CVE-2017-12273 | Improper Input Validation vulnerability in Cisco products
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.
low complexity | cisco CWE-20 | 6.5

2017-11-01 | CVE-2017-1554 | Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim.
network | low complexity | ibm CWE-79 | 5.4

2017-11-01 | CVE-2017-1553 | Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting.
network | low complexity | ibm CWE-79 | 5.4

2017-11-01 | CVE-2017-1552 | Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection.
network | low complexity | ibm CWE-79 | 5.4

2017-11-01 | CVE-2017-1340 | Information Exposure vulnerability in IBM Jazz Reporting Service 6.0.4
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with.
network | low complexity | ibm CWE-200 | 5.0

2017-11-01 | CVE-2017-1333 | Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system.
network | low complexity | ibm CWE-200 | 5.3

2017-11-01 | CVE-2017-1290 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network | low complexity | ibm CWE-79 | 5.4

2017-11-01 | CVE-2017-1148 | Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system.
network | low complexity | ibm CWE-200 | 5.3