Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-07 | CVE-2016-4946 | Cross-site Scripting vulnerability in Cloudera HUE 3.9.0 | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. | 6.1 |
2017-03-07 | CVE-2016-9148 | Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1 | Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | 6.1 |
2017-03-07 | CVE-2016-5315 | Out-of-bounds Read vulnerability in multiple products | The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | 5.5 |
2017-03-07 | CVE-2016-10040 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT Qxmlsimplereader 4.8.5 | Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags. | 5.5 |
2017-03-07 | CVE-2013-5653 | Information Exposure vulnerability in multiple products | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted PostScript file. | 5.5 |
2017-03-07 | CVE-2017-6508 | CRLF Injection vulnerability in GNU Wget | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | 6.1 |
2017-03-06 | CVE-2017-5197 | Cross-site Scripting vulnerability in Silverstripe | There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. | 6.1 |
2017-03-06 | CVE-2017-6504 | Improper Input Validation vulnerability in Qbittorrent | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. | 6.1 |
2017-03-06 | CVE-2017-6503 | Cross-site Scripting vulnerability in Qbittorrent | WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | 6.1 |
2017-03-06 | CVE-2017-6502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.9.7 | An issue was discovered in ImageMagick 6.9.7. | 5.5 |