Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2017-11-13 | CVE-2017-1229 | Information Exposure vulnerability in IBM BigFix Platform 9.2/9.5 | Risk: 5.9
  IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
  Vector: network; Complexity: high; Vendor: ibm; CWE-200

2017-11-13 | CVE-2017-15526 | NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption | Risk: 6.8
  Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer dereference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
  Complexity: low; Vendor: symantec; CWE-476

2017-11-13 | CVE-2017-15525 | Unspecified vulnerability in Symantec Endpoint Encryption | Risk: 4.5
  Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, in which the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
  Complexity: low; Vendor: symantec

2017-11-13 | CVE-2017-16808 | Out-of-bounds Read vulnerability in tcpdump 4.9.2 | Risk: 5.5
  tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
  Vector: local; Complexity: low; Vendor: tcpdump; CWE-125

2017-11-13 | CVE-2017-16807 | Cross-site Scripting vulnerability in Kirby Panel | Risk: 5.4
  A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
  Vector: network; Complexity: low; Vendor: getkirby; CWE-79

2017-11-13 | CVE-2017-16805 | Out-of-bounds Read vulnerability in Radare2 2.0.1 | Risk: 5.5
  In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
  Vector: local; Complexity: low; Vendor: radare; CWE-125

2017-11-13 | CVE-2017-16804 | Information Exposure vulnerability in multiple products | Risk: 4.3
  In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
  Vector: network; Complexity: low; Vendors: redmine, debian; CWE-200

2017-11-13 | CVE-2017-16802 | Cross-site Scripting vulnerability in MISP 2.4.82 | Risk: 5.4
  In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
  Vector: network; Complexity: low; Vendor: misp-project; CWE-79

2017-11-13 | CVE-2017-7739 | Cross-site Scripting vulnerability in Fortinet FortiOS | Risk: 6.1
  A reflected cross-site scripting (XSS) vulnerability in the web proxy disclaimer response web pages of Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, and 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser by sending a maliciously crafted URL to the victim.
  Vector: network; Complexity: low; Vendor: fortinet; CWE-79

2017-11-13 | CVE-2017-8806 | Link Following vulnerability in PostgreSQL | Risk: 5.5
  The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
  Vector: local; Complexity: low; Vendor: postgresql; CWE-59