Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-13 | CVE-2017-1229 | Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-11-13 | CVE-2017-15526 | NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | 6.8 |
| 2017-11-13 | CVE-2017-15525 | Unspecified vulnerability in Symantec Endpoint Encryption Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. low complexity symantec | 4.5 |
| 2017-11-13 | CVE-2017-16808 | Out-of-bounds Read vulnerability in Tcpdump 4.9.2 tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | 5.5 |
| 2017-11-13 | CVE-2017-16807 | Cross-site Scripting vulnerability in Getkirby Panel A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | 5.4 |
| 2017-11-13 | CVE-2017-16805 | Out-of-bounds Read vulnerability in Radare Radare2 2.0.1 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. | 5.5 |
| 2017-11-13 | CVE-2017-16804 | Information Exposure vulnerability in multiple products In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | 4.3 |
| 2017-11-13 | CVE-2017-16802 | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.82 In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | 5.4 |
| 2017-11-13 | CVE-2017-7739 | Cross-site Scripting vulnerability in Fortinet Fortios A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | 6.1 |
| 2017-11-13 | CVE-2017-8806 | Link Following vulnerability in Postgresql The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | 5.5 |