Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-26 | CVE-2017-7972 | Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | 5.5 |
2017-09-26 | CVE-2017-7971 | Improper Certificate Validation vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | 6.5 |
2017-09-26 | CVE-2017-7970 | Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | 6.5 |
2017-09-26 | CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. | 5.5 |
2017-09-26 | CVE-2014-8889 | Information Exposure vulnerability in Dropbox SDK 1.5.4/1.6.1: Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | 5.3 |
2017-09-25 | CVE-2017-14735 | Cross-site Scripting vulnerability in Antisamy Project Antisamy: OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of `&colon;` to construct a javascript: URL. | 6.1 |
2017-09-25 | CVE-2017-14733 | Out-of-bounds Read vulnerability in multiple products: ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 6.5 |
2017-09-25 | CVE-2017-14731 | Out-of-bounds Read vulnerability in Libofx Project Libofx 0.9.12: ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | 6.5 |
2017-09-25 | CVE-2015-8375 | Cross-site Scripting vulnerability in PHP-Fusion 9.00: Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 5.4 |
2017-09-25 | CVE-2015-8251 | Information Exposure vulnerability in Unify products: OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | 5.9 |