Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-0849 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libavc). | 5.3 |
| 2017-11-16 | CVE-2017-0848 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.3 |
| 2017-11-16 | CVE-2017-11022 | Information Exposure vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. | 5.3 |
| 2017-11-16 | CVE-2017-4930 | Cross-site Scripting vulnerability in VMWare Airwatch VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. | 5.4 |
| 2017-11-16 | CVE-2017-16867 | Unspecified vulnerability in Amazon KEY Firmware 20171116 Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. low complexity amazon | 6.5 |
| 2017-11-16 | CVE-2017-16866 | Cross-site Scripting vulnerability in Finecms 5.2.0 dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | 6.1 |
| 2017-11-16 | CVE-2017-16843 | Cross-site Scripting vulnerability in Vonage Vdv-23 Firmware 3.2.110.9.40 Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | 5.4 |
| 2017-11-16 | CVE-2017-16560 | Insecure Storage of Sensitive Information vulnerability in Sandisk Secureaccess 3.01 SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. | 4.3 |
| 2017-11-16 | CVE-2017-12323 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12322 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |