Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-18 | CVE-2017-9767 | Cross-site Scripting vulnerability in Quali Cloudshell 7.1.0.6508 | Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. | 5.4 |
2017-08-18 | CVE-2017-12859 | Improper Input Validation vulnerability in Netapp Data Ontap | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | 5.9 |
2017-08-18 | CVE-2017-12680 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | 6.1 |
2017-08-18 | CVE-2015-4082 | Permissions, Privileges, and Access Controls vulnerability in Attic Project Attic | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | 6.5 |
2017-08-18 | CVE-2015-1878 | Permissions, Privileges, and Access Controls vulnerability in Thalesesecurity Nshield Connect Firmware 11.30 | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. | 6.8 |
2017-08-18 | CVE-2017-1501 | Information Exposure vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. | 5.9 |
2017-08-18 | CVE-2017-1338 | Cross-site Scripting vulnerability in IBM products | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
2017-08-18 | CVE-2017-10811 | OS Command Injection vulnerability in Buffalo Wcr-1166Ds Firmware 1.30 | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2017-08-18 | CVE-2017-12927 | Cross-site Scripting vulnerability in Cacti 1.1.17 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | 6.1 |
2017-08-17 | CVE-2017-6790 | Unspecified vulnerability in Cisco Telepresence Video Communication Server | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. | 6.8 |