Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-26 CVE-2015-0874 Improper Certificate Validation vulnerability in OKB Smart Passbook 1.0.0
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
network
high complexity
okb CWE-295
5.9
2017-09-26 CVE-2017-14744 Cross-site Scripting vulnerability in Baidu Ueditor
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
network
low complexity
baidu CWE-79
6.1
2017-09-26 CVE-2017-1000252 Reachable Assertion vulnerability in Linux Kernel
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
local
low complexity
linux CWE-617
5.5
2017-09-26 CVE-2017-14741 Infinite Loop vulnerability in Imagemagick 7.0.73
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
network
low complexity
imagemagick CWE-835
6.5
2017-09-26 CVE-2017-9960 Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.
network
low complexity
schneider-electric CWE-200
5.3
2017-09-26 CVE-2017-9959 Unspecified vulnerability in Schneider-Electric U.Motion Builder 1.2.1
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.
local
low complexity
schneider-electric
5.5
2017-09-26 CVE-2017-7972 Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
low complexity
schneider-electric
5.5
2017-09-26 CVE-2017-7971 Improper Certificate Validation vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.
network
low complexity
schneider-electric CWE-295
6.5
2017-09-26 CVE-2017-7970 Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
low complexity
schneider-electric
6.5
2017-09-26 CVE-2017-14737 A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.
local
low complexity
botan-project debian
5.5