Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000005 | Cross-site Scripting vulnerability in PHPminiadmin Project PHPminiadmin 1.9.160930 PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | 6.1 |
| 2017-07-17 | CVE-2017-0196 | Information Exposure vulnerability in Microsoft Edge An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 6.5 |
| 2017-07-17 | CVE-2016-6312 | Resource Exhaustion vulnerability in Redhat Enterprise Linux 5.11 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). | 6.5 |
| 2017-07-17 | CVE-2016-4984 | Race Condition vulnerability in Openldap Openldap-Servers /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | 4.7 |
| 2017-07-17 | CVE-2016-4982 | Race Condition vulnerability in Teether Authd authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | 4.7 |
| 2017-07-17 | CVE-2016-10398 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0 Android 6.0 has an authentication bypass for attackers with root and physical access. | 6.2 |
| 2017-07-17 | CVE-2016-0764 | Race Condition vulnerability in Redhat Networkmanager Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 6.2 |
| 2017-07-13 | CVE-2017-7672 | Improper Input Validation vulnerability in Apache Struts If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |
| 2017-07-13 | CVE-2017-1308 | Files or Directories Accessible to External Parties vulnerability in IBM Daeja Viewone 4.1.5/4.1.5.1/5.0 IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. | 6.5 |
| 2017-07-13 | CVE-2016-8952 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. | 5.4 |