Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2017-5583 Information Exposure vulnerability in Paloaltonetworks Pan-Os
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
paloaltonetworks CWE-200
6.5
6.5
2017-03-15 CVE-2016-6906 Out-of-bounds Read vulnerability in Libgd
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
local
low complexity
libgd CWE-125
5.5
5.5
2017-03-15 CVE-2017-6909 Cross-site Scripting vulnerability in Shishnet Shimmie
An issue was discovered in Shimmie <= 2.5.1.
network
low complexity
shishnet CWE-79
6.1
6.1
2017-03-15 CVE-2017-6908 Cross-site Scripting vulnerability in Concrete5
An issue was discovered in concrete5 <= 5.6.3.4.
network
low complexity
concrete5 CWE-79
6.1
6.1
2017-03-15 CVE-2017-6907 Cross-site Scripting vulnerability in Open.Gl Project Open.Gl 20170212
An issue was discovered in Open.GL before 2017-03-13.
network
low complexity
open-gl-project CWE-79
6.1
6.1
2017-03-15 CVE-2017-6906 Cross-site Scripting vulnerability in Siberiancms
An issue was discovered in SiberianCMS before 4.10.0.
network
low complexity
siberiancms CWE-79
6.1
6.1
2017-03-15 CVE-2017-6905 Cross-site Scripting vulnerability in Concrete5
An issue was discovered in concrete5 <= 5.6.3.4.
network
low complexity
concrete5 CWE-79
6.1
6.1
2017-03-14 CVE-2017-3899 SQL Injection vulnerability in Mcafee Advanced Threat Defense
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
network
low complexity
mcafee CWE-89
6.5
6.5
2017-03-14 CVE-2016-8025 SQL Injection vulnerability in Mcafee Virusscan Enterprise
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
network
high complexity
mcafee CWE-89
6.2
6.2
2017-03-14 CVE-2016-8021 Improper Verification of Cryptographic Signature vulnerability in Mcafee Virusscan Enterprise
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
local
low complexity
mcafee CWE-347
5.0
5.0