Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-12 | CVE-2016-6764 | Resource Management Errors vulnerability in Google Android A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2017-01-12 | CVE-2016-6763 | Improper Access Control vulnerability in Google Android A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2017-01-12 | CVE-2016-6757 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-01-12 | CVE-2016-6756 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-01-11 | CVE-2016-4807 | Cross-site Scripting vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 4.8 |
| 2017-01-11 | CVE-2017-2947 | Improper Input Validation vulnerability in Adobe products Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | 5.5 |
| 2017-01-11 | CVE-2017-2938 | Unspecified vulnerability in Adobe Flash Player Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | 6.5 |
| 2017-01-10 | CVE-2016-9247 | Improper Input Validation vulnerability in F5 products Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart. | 5.9 |
| 2017-01-10 | CVE-2016-6837 | Cross-site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. | 6.1 |
| 2017-01-10 | CVE-2015-4591 | Cross-site Scripting vulnerability in Eclinicalworks Population Health eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter. | 6.1 |