Vulnerabilities > Medium

Each entry lists: date, CVE, vulnerability title, risk score; followed by the description, attack vector, attack complexity, vendor(s) and CWE weakness.

2017-10-19  CVE-2017-12284  Information Exposure vulnerability in Cisco Jabber 11.8(.4)  Risk: 5.5
  A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information.
  Attack vector: local | Attack complexity: low | Vendor: cisco | Weakness: CWE-200

2017-10-19  CVE-2017-12272  Cross-site Scripting vulnerability in Cisco IOS XE 16.1.2/16.2.0/16.3(1)  Risk: 6.1
  A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.
  Attack vector: network | Attack complexity: low | Vendor: cisco | Weakness: CWE-79

2017-10-18  CVE-2015-6961  Open Redirect vulnerability in Web2Py 2.9.11  Risk: 6.1
  Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.
  Attack vector: network | Attack complexity: low | Vendor: web2py | Weakness: CWE-601

2017-10-18  CVE-2017-15359  Path Traversal vulnerability in 3CX 15.5.3554.1  Risk: 6.5
  In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters.
  Attack vector: network | Attack complexity: low | Vendor: 3cx | Weakness: CWE-22

2017-10-18  CVE-2017-14956  Cross-Site Request Forgery (CSRF) vulnerability in Alienvault Unified Security Management  Risk: 5.7
  AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script.
  Attack vector: network | Attack complexity: low | Vendor: alienvault | Weakness: CWE-352

2017-10-18  CVE-2015-7943  Open Redirect vulnerability in multiple products  Risk: 6.1
  Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

2017-10-18  CVE-2015-1239  Double Free vulnerability in multiple products  Risk: 6.5
  Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
  Attack vector: network | Attack complexity: low | Vendors: uclouvain, google, debian | Weakness: CWE-415

2017-10-18  CVE-2015-3400  Information Exposure vulnerability in Zfsonlinux ZFS 0.6.4  Risk: 4.3
  sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
  Attack vector: network | Attack complexity: low | Vendor: zfsonlinux | Weakness: CWE-200

2017-10-18  CVE-2014-8491  Information Exposure vulnerability in Codeasily Grand Flagallery 1.56  Risk: 5.3
  The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
  Attack vector: network | Attack complexity: low | Vendor: codeasily | Weakness: CWE-200

2017-10-18  CVE-2014-7813  Resource Exhaustion vulnerability in Redhat Cloudforms 3.0 Management Engine  Risk: 6.5
  Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
  Attack vector: network | Attack complexity: low | Vendor: redhat | Weakness: CWE-400