Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-30 | CVE-2014-9805 | Improper Input Validation vulnerability in Imagemagick ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | 5.5 |
| 2017-03-30 | CVE-2016-7542 | Information Exposure vulnerability in Fortinet Fortios A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | 4.9 |
| 2017-03-30 | CVE-2016-7541 | 7PK - Security Features vulnerability in Fortinet Fortios Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. | 5.9 |
| 2017-03-30 | CVE-2017-7320 | Cross-site Scripting vulnerability in Modx Revolution setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. | 6.1 |
| 2017-03-29 | CVE-2016-4976 | Information Exposure vulnerability in Apache Ambari Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 5.5 |
| 2017-03-29 | CVE-2017-7299 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. | 5.5 |
| 2017-03-29 | CVE-2017-5900 | Cross-site Scripting vulnerability in Netcomm Nb16Wv-02 Firmware Nb16Wvr0.09 Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. | 5.4 |
| 2017-03-29 | CVE-2016-6846 | Cross-site Scripting vulnerability in Open-Xchange products Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-03-29 | CVE-2015-8234 | Cryptographic Issues vulnerability in Openstack Glance 11.0.0 The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | 5.5 |
| 2017-03-29 | CVE-2017-7298 | Cross-site Scripting vulnerability in Moodle 3.2.2 In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | 5.4 |