Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-7410 | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20160613: The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | 5.5 |
2017-01-23 | CVE-2016-6484 | CRLF Injection vulnerability in Infoblox Netmri: CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | 6.1 |
2017-01-23 | CVE-2016-5876 | Permissions, Privileges, and Access Controls vulnerability in Owncloud: ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | 5.9 |
2017-01-23 | CVE-2016-5237 | Permissions, Privileges, and Access Controls vulnerability in Valvesoftware Steamos 3.42.16.13: Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | 4.8 |
2017-01-23 | CVE-2016-4484 | Improper Authentication vulnerability in Cryptsetup Project Cryptsetup: The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | 6.8 |
2017-01-23 | CVE-2016-4056 | Cross-site Scripting vulnerability in Typo3: Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. | 6.1 |
2017-01-23 | CVE-2016-4055 | Resource Exhaustion vulnerability in multiple products: The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | 6.5 |
2017-01-23 | CVE-2016-0765 | Cross-site Scripting vulnerability in Elfden Eshop Plugin 6.3.14: Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter. | 6.1 |
2017-01-23 | CVE-2015-8862 | Cross-site Scripting vulnerability in Mustache.Js Project Mustache.Js: mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | 6.1 |
2017-01-23 | CVE-2015-8861 | Cross-site Scripting vulnerability in Handlebars.Js Project Handlebars.Js: The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | 6.1 |