Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2016-2965 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime: IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. | 6.5 |
2017-08-29 | CVE-2016-2959 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime: IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. | 4.3 |
2017-08-29 | CVE-2016-10503 | Improper Input Validation vulnerability in IBM Sametime: IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. | 4.3 |
2017-08-29 | CVE-2016-0356 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. | 6.5 |
2017-08-29 | CVE-2016-0355 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. | 6.5 |
2017-08-29 | CVE-2016-0354 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sametime: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. | 5.5 |
2017-08-29 | CVE-2017-13673 | Reachable Assertion vulnerability in Qemu 2.8.0/2.9.0: The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | 6.5 |
2017-08-29 | CVE-2017-12875 | Allocation of Resources Without Limits or Throttling vulnerability in Imagemagick 7.0.66: The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | 6.5 |
2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in Simplesamlphp: The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 5.9 |
2017-08-29 | CVE-2017-12856 | Cross-site Scripting vulnerability in C.P.Sub Project C.P.Sub 5.2: Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | 6.1 |