Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-01 | CVE-2017-6679 | Unspecified vulnerability in Cisco Umbrella 2.0.3 The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. | 6.4 |
2017-12-01 | CVE-2017-16893 | SQL Injection vulnerability in Piwigo The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. | 6.5 |
2017-12-01 | CVE-2017-16611 | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 5.5 |
2017-12-01 | CVE-2017-14953 | Missing Encryption of Sensitive Data vulnerability in Hikvision DS-2CD2432F-IW Firmware 5.3.0/5.4.0 HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. | 6.5 |
2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload. | 6.2 |
2017-12-01 | CVE-2017-3105 | Open Redirect vulnerability in Adobe RoboHelp Adobe RoboHelp has an Open Redirect vulnerability. | 6.1 |
2017-12-01 | CVE-2017-3104 | Cross-site Scripting vulnerability in Adobe RoboHelp Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. | 6.1 |
2017-12-01 | CVE-2017-17087 | Exposure of Resource to Wrong Sphere vulnerability in multiple products fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | 5.5 |
2017-12-01 | CVE-2017-11285 | Cross-site Scripting vulnerability in Adobe ColdFusion 11.0/2016 Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. | 6.1 |
2017-11-30 | CVE-2017-17081 | Out-of-bounds Read vulnerability in FFmpeg 3.4 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | 6.5 |