Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-13 | CVE-2017-14415 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware: D-Link DIR-850L REV. | 6.1 |
2017-09-13 | CVE-2017-14414 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware: D-Link DIR-850L REV. | 6.1 |
2017-09-13 | CVE-2017-14413 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware: D-Link DIR-850L REV. | 6.1 |
2017-09-13 | CVE-2017-3165 | Cross-site Scripting vulnerability in Apache Brooklyn: In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. | 5.4 |
2017-09-13 | CVE-2017-14124 | Improper Privilege Management vulnerability in Unicon-Software RP: In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions. | 6.3 |
2017-09-13 | CVE-2015-7880 | Information Exposure vulnerability in Drupal: The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. | 4.3 |
2017-09-13 | CVE-2015-2750 | Open Redirect vulnerability in multiple products: Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | 6.1 |
2017-09-13 | CVE-2015-2749 | Open Redirect vulnerability in multiple products: Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 6.1 |
2017-09-13 | CVE-2017-6330 | Unspecified vulnerability in Symantec Encryption Desktop 10.3.2/10.4.0/10.4.1: Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests. | 6.5 |
2017-09-13 | CVE-2017-6007 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20: A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. | 5.5 |