Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-20 | CVE-2017-7006 | Information Exposure Through Discrepancy vulnerability in Apple products. An issue was discovered in certain Apple products. | 5.3 |
2017-07-20 | CVE-2017-2517 | Improper Input Validation vulnerability in Apple iPhone OS. An issue was discovered in certain Apple products. | 6.5 |
2017-07-20 | CVE-2017-11478 | Infinite Loop vulnerability in ImageMagick. The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | 6.5 |
2017-07-20 | CVE-2017-10676 | Cross-site Scripting vulnerability in D-Link Dir-600M Firmware Fw3.05B01. On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 6.1 |
2017-07-19 | CVE-2017-1223 | Open Redirect vulnerability in IBM BigFix Platform. IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2017-07-19 | CVE-2017-1219 | XXE vulnerability in IBM BigFix Platform. IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.5 |
2017-07-19 | CVE-2017-1203 | Cross-site Scripting vulnerability in IBM BigFix Platform. IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. | 6.1 |
2017-07-19 | CVE-2016-6018 | Information Exposure vulnerability in IBM Emptoris Contract Management. IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. | 4.3 |
2017-07-19 | CVE-2016-5394 | Cross-site Scripting vulnerability in Apache Sling. In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 6.1 |
2017-07-19 | CVE-2016-7509 | Cross-site Scripting vulnerability in GLPI-Project GLPI 0.90.4. Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | 5.4 |