Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2017-7359 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7309 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. | 4.8 |
| 2017-03-31 | CVE-2017-7241 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. | 4.8 |
| 2017-03-31 | CVE-2017-6973 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. | 4.8 |
| 2017-03-31 | CVE-2016-9319 | Improper Certificate Validation vulnerability in Trendmicro Mobile Security 9.7 There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | 5.9 |
| 2017-03-30 | CVE-2017-7346 | Improper Input Validation vulnerability in Linux Kernel The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. | 5.5 |
| 2017-03-30 | CVE-2017-6184 | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | 4.7 |
| 2017-03-30 | CVE-2017-5184 | Information Exposure vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | 5.3 |
| 2017-03-30 | CVE-2014-9818 | Out-of-bounds Read vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. | 5.5 |
| 2017-03-30 | CVE-2014-9816 | Out-of-bounds Read vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | 5.5 |