Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-07 | CVE-2016-9196 | Permissions, Privileges, and Access Controls vulnerability in Cisco Aironet Access Point A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. | 6.7 |
| 2017-04-07 | CVE-2016-9195 | Resource Management Errors vulnerability in Cisco Wireless LAN Controller 8.3.102.0 A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. | 5.3 |
| 2017-04-07 | CVE-2017-7579 | Cross-site Scripting vulnerability in PHPmyfaq inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | 6.1 |
| 2017-04-07 | CVE-2017-2387 | Improper Certificate Validation vulnerability in Apple Music 1.2.1 The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.8 |
| 2017-04-06 | CVE-2016-1000307 | Cross-site Scripting vulnerability in Clip-Bucket Clipbucket Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. | 6.1 |
| 2017-04-06 | CVE-2015-4673 | Cross-site Scripting vulnerability in Clip-Bucket Clipbucket 2.7.0.5 Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | 5.4 |
| 2017-04-06 | CVE-2016-5349 | Information Exposure vulnerability in Google Android The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. | 5.5 |
| 2017-04-06 | CVE-2016-9194 | Resource Management Errors vulnerability in Cisco products A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.5 |
| 2017-04-06 | CVE-2016-10319 | Integer Overflow or Wraparound vulnerability in ARM Trusted Firmware Project ARM Trusted Firmware 1.2/1.3 In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. | 5.9 |
| 2017-04-06 | CVE-2017-7454 | Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0 The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |