Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-12 CVE-2017-11906 Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-200
5.3
2017-12-12 CVE-2017-11887 Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-200
5.3
2017-12-12 CVE-2017-11885 Improper Input Validation vulnerability in Microsoft products
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
network
high complexity
microsoft CWE-20
6.6
2017-12-12 CVE-2017-1000385 Information Exposure Through Discrepancy vulnerability in multiple products
The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding.
network
high complexity
erlang debian CWE-203
5.9
2017-12-12 CVE-2017-12155 Missing Authentication for Critical Function vulnerability in Ceph
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable.
local
high complexity
ceph CWE-306
6.3
2017-12-12 CVE-2017-17558 Out-of-bounds Write vulnerability in multiple products
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux suse CWE-787
6.6
2017-12-12 CVE-2017-16691 Improper Input Validation vulnerability in SAP Business Application Software Integrated Solution
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'.
network
low complexity
sap CWE-20
6.5
2017-12-12 CVE-2017-16687 Information Exposure vulnerability in SAP Hana Database 1.00/2.00
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts.
network
low complexity
sap CWE-200
5.3
2017-12-12 CVE-2017-16685 Cross-site Scripting vulnerability in SAP Business Warehouse Universal Data Integration
Cross-site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2017-12-12 CVE-2017-16683 Unspecified vulnerability in SAP Businessobjects 4.10/4.20
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
6.5