Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-24 | CVE-2016-3178 | Out-of-bounds Read vulnerability in Miniupnp Project Minissdpd 1.2.201309073 The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | 5.5 |
| 2017-03-24 | CVE-2016-10130 | Improper Access Control vulnerability in Libgit2 Project Libgit2 0.25.0 The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. | 5.9 |
| 2017-03-24 | CVE-2017-5644 | XML Entity Expansion vulnerability in Apache POI Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | 5.5 |
| 2017-03-24 | CVE-2015-8678 | Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. | 5.5 |
| 2017-03-24 | CVE-2017-6507 | Improper Privilege Management vulnerability in multiple products An issue was discovered in AppArmor before 2.12. | 5.9 |
| 2017-03-23 | CVE-2017-7251 | Cross-site Scripting vulnerability in Piengine PI 2.5.0 A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. | 6.1 |
| 2017-03-23 | CVE-2017-7250 | Cross-site Scripting vulnerability in Gazelle Project Gazelle A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7249 | Cross-site Scripting vulnerability in Gazelle Project Gazelle Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7248 | Cross-site Scripting vulnerability in Gazelle Project Gazelle A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7247 | Cross-site Scripting vulnerability in Gazelle Project Gazelle Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. | 6.1 |