Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-14 | CVE-2017-9464 | Open Redirect vulnerability in Piwigo: An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. | 6.1 |
2017-06-14 | CVE-2017-9463 | SQL Injection vulnerability in Piwigo: The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. | 6.5 |
2017-06-14 | CVE-2017-7677 | Missing Authorization vulnerability in Apache Ranger: In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | 5.9 |
2017-06-14 | CVE-2016-8751 | Cross-site Scripting vulnerability in Apache Ranger: Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting when entering custom policy conditions. | 4.8 |
2017-06-14 | CVE-2016-8746 | Untrusted Search Path vulnerability in Apache Ranger: Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | 5.9 |
2017-06-14 | CVE-2017-9502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl: In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. | 5.3 |
2017-06-14 | CVE-2017-0651 | Information Exposure vulnerability in Linux Kernel 3.18: An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. | 4.7 |
2017-06-14 | CVE-2017-0650 | Information Exposure vulnerability in Linux Kernel 3.10/3.18: An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
2017-06-14 | CVE-2017-0647 | Information Exposure vulnerability in Google Android: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. | 5.5 |
2017-06-14 | CVE-2017-0646 | Information Exposure vulnerability in Google Android: An information disclosure vulnerability in the Bluetooth component could enable a local malicious application to access data outside of its permission levels. | 5.5 |