Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-14 | CVE-2017-6877 | Cross-site Scripting vulnerability in Lutim Project Lutim Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | 6.1 |
| 2017-03-13 | CVE-2014-3926 | Cross-site Scripting vulnerability in LG Project LG Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. | 6.1 |
| 2017-03-13 | CVE-2017-6807 | Cross-site Scripting vulnerability in Uninett MOD Auth Mellon mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | 6.1 |
| 2017-03-13 | CVE-2015-6671 | Information Exposure vulnerability in EDX Edx-Platform Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | 5.9 |
| 2017-03-13 | CVE-2017-5621 | Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 6.1 |
| 2017-03-13 | CVE-2017-5620 | Cross-site Scripting vulnerability in Zammad An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 6.1 |
| 2017-03-13 | CVE-2015-4409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | 6.5 |
| 2017-03-13 | CVE-2015-4408 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | 6.5 |
| 2017-03-13 | CVE-2015-4407 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. | 6.5 |
| 2017-03-12 | CVE-2014-9645 | Improper Input Validation vulnerability in Busybox The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | 5.5 |