Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-02 | CVE-2017-10791 | Integer Overflow or Wraparound vulnerability in GNU Pspp 0.10.5Pre2: There is an integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. | 6.5 |
2017-07-01 | CVE-2017-10789 | Unspecified vulnerability in Dbd-Mysql Project Dbd-Mysql: The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. | 5.9 |
2017-06-30 | CVE-2017-2298 | Improper Input Validation vulnerability in Puppet Mcollective-Sshkey-Security 0.5.0: The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. | 6.5 |
2017-06-30 | CVE-2017-8443 | Information Exposure vulnerability in Elastic Kibana: In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen. | 6.5 |
2017-06-30 | CVE-2017-10709 | Improper Authentication vulnerability in Google Android 6.0: The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | 6.8 |
2017-06-30 | CVE-2017-10674 | Improper Input Validation vulnerability in Antiy Antivirus Engine 5.0.0.06281654: Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. | 5.5 |
2017-06-30 | CVE-2015-9105 | Cross-site Scripting vulnerability in Synology Video Station: Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | 5.4 |
2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station: Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allow remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 5.4 |
2017-06-30 | CVE-2015-9103 | Cross-site Scripting vulnerability in Synology Note Station: Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | 5.4 |
2017-06-30 | CVE-2015-9102 | Cross-site Scripting vulnerability in Synology Photo Station: Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | 5.4 |