Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-07 | CVE-2017-0547 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-04-07 | CVE-2017-7586 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 5.5 |
| 2017-04-07 | CVE-2017-7585 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libsndfile Project Libsndfile In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | 5.5 |
| 2017-04-07 | CVE-2017-7583 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.3 has XSS via SVG documents. | 6.1 |
| 2017-04-07 | CVE-2016-6805 | XXE vulnerability in Apache Ignite Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | 5.9 |
| 2017-04-07 | CVE-2017-6606 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. | 6.4 |
| 2017-04-07 | CVE-2017-6604 | Open Redirect vulnerability in Cisco Unified Computing System 2.2(8B)/3.0(1C)/3.1(2C)B A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
| 2017-04-07 | CVE-2017-6603 | Unspecified vulnerability in Cisco ASR 900 Series Firmware 15.4(3)S3.15 A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. low complexity cisco | 6.5 |
| 2017-04-07 | CVE-2017-6602 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. | 4.4 |
| 2017-04-07 | CVE-2017-6599 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XR 6.1.1/6.2.1 A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. | 5.3 |