Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-8896 | Cross-site Scripting vulnerability in Owncloud: ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. | 6.1 |
2017-07-17 | CVE-2017-7947 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.3.2/9.0/9.1: NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 6.5 |
2017-07-17 | CVE-2017-3754 | Unspecified vulnerability in Lenovo Bios: Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. | 6.7 |
2017-07-17 | CVE-2017-3742 | Information Exposure vulnerability in Lenovo Connect2 4.2.5: In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. | 4.8 |
2017-07-17 | CVE-2017-11128 | Cross-site Scripting vulnerability in Boltcms Bolt 3.2.14: Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | 5.4 |
2017-07-17 | CVE-2017-11127 | Cross-site Scripting vulnerability in Boltcms Bolt 3.2.14: Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | 5.4 |
2017-07-17 | CVE-2017-7532 | Improper Privilege Management vulnerability in Moodle: In Moodle 3.x, course creators are able to change system default settings for courses. | 6.5 |
2017-07-17 | CVE-2017-7531 | Information Exposure vulnerability in Moodle 3.3.0: In Moodle 3.3, the course overview block reveals activities in hidden courses. | 4.3 |
2017-07-17 | CVE-2017-2642 | Information Exposure vulnerability in Moodle: Moodle 3.x has user fullname disclosure on the user preferences page. | 6.5 |
2017-07-17 | CVE-2017-8034 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudfoundry Capi-Release and Cf-Release: The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. | 6.6 |