Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-03-27 | CVE-2016-9922 | Divide By Zero vulnerability in Qemu | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | local | low complexity | qemu | CWE-369 | 5.5 |
| 2017-03-27 | CVE-2016-7474 | Information Exposure vulnerability in F5 products | In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | local | low complexity | f5 | CWE-200 | 5.5 |
| 2017-03-27 | CVE-2015-8310 | Cross-site Scripting vulnerability in Fomori Cherrymusic 0.35.2 | Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. | network | low complexity | fomori | CWE-79 | 5.4 |
| 2017-03-27 | CVE-2015-8309 | Path Traversal vulnerability in Fomori Cherrymusic 0.35.2 | Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | network | low complexity | fomori | CWE-22 | 4.3 |
| 2017-03-27 | CVE-2017-6067 | Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.9 | Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | network | low complexity | getsymphony | CWE-79 | 6.1 |
| 2017-03-27 | CVE-2017-6003 | Cross-site Scripting vulnerability in Dotcms 3.7.0 | dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | network | low complexity | dotcms | CWE-79 | 6.1 |
| 2017-03-26 | CVE-2017-5622 | Incorrect Default Permissions vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2 | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. | | low complexity | oneplus | CWE-276 | 5.9 |
| 2017-03-26 | CVE-2017-2645 | Cross-site Scripting vulnerability in Moodle | In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. | network | low complexity | moodle | CWE-79 | 6.1 |
| 2017-03-26 | CVE-2017-2644 | Cross-site Scripting vulnerability in Moodle | In Moodle 3.x, XSS can occur via evidence of prior learning. | network | low complexity | moodle | CWE-79 | 6.1 |
| 2017-03-26 | CVE-2017-2643 | Information Exposure vulnerability in Moodle 3.2.0/3.2.1 | In Moodle 3.2.x, global search displays user names for unauthenticated users. | network | low complexity | moodle | CWE-200 | 5.3 |