Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-16 CVE-2017-0849 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (libavc).
network
low complexity
google CWE-200
5.3
2017-11-16 CVE-2017-0848 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (libeffects).
network
low complexity
google CWE-200
5.3
2017-11-16 CVE-2017-11022 Information Exposure vulnerability in Google Android
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features.
network
low complexity
google CWE-200
5.3
2017-11-16 CVE-2017-4930 Cross-site Scripting vulnerability in VMWare Airwatch
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page.
network
low complexity
vmware CWE-79
5.4
2017-11-16 CVE-2017-16867 Unspecified vulnerability in Amazon KEY Firmware 20171116
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
low complexity
amazon
6.5
2017-11-16 CVE-2017-16866 Cross-site Scripting vulnerability in Finecms 5.2.0
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
network
low complexity
finecms CWE-79
6.1
2017-11-16 CVE-2017-16843 Cross-site Scripting vulnerability in Vonage Vdv-23 Firmware 3.2.110.9.40
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
network
low complexity
vonage CWE-79
5.4
2017-11-16 CVE-2017-16560 Insecure Storage of Sensitive Information vulnerability in Sandisk Secureaccess 3.01
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.
low complexity
sandisk CWE-922
4.3
2017-11-16 CVE-2017-12323 Cross-site Scripting vulnerability in Cisco Registered Envelope Service
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.
network
low complexity
cisco CWE-79
6.1
2017-11-16 CVE-2017-12322 Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.
network
low complexity
cisco CWE-79
6.1