Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-27 CVE-2015-8697 Improper Access Control vulnerability in Stalin Project Stalin 0.115
stalin 0.11-5 allows local users to write to arbitrary files.
local
low complexity
stalin-project CWE-284
5.5
5.5
2017-06-27 CVE-2015-7898 Improper Access Control vulnerability in Samsung Mobile
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
local
low complexity
samsung CWE-284
5.5
5.5
2017-06-27 CVE-2015-7895 Improper Access Control vulnerability in Samsung Mobile
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
local
low complexity
samsung CWE-284
5.5
5.5
2017-06-27 CVE-2015-7780 Path Traversal vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
network
low complexity
zohocorp CWE-22
6.5
6.5
2017-06-27 CVE-2015-3840 Improper Access Control vulnerability in Google Android
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
local
low complexity
google CWE-284
5.5
5.5
2017-06-27 CVE-2017-1328 Unspecified vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy.
network
low complexity
ibm
5.3
5.3
2017-06-27 CVE-2017-1234 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-06-27 CVE-2016-9972 Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-264
5.9
5.9
2017-06-27 CVE-2016-6083 Information Exposure vulnerability in IBM Tivoli Monitoring
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information.
network
low complexity
ibm CWE-200
5.3
5.3
2017-06-27 CVE-2017-7522 NULL Pointer Dereference vulnerability in Openvpn
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
network
low complexity
openvpn CWE-476
6.5
6.5