Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-14 | CVE-2016-10169 | Out-of-bounds Read vulnerability in Wavpack Project Wavpack | The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | 5.5 |
2017-03-14 | CVE-2017-6883 | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader | The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. | 4.7 |
2017-03-14 | CVE-2017-6877 | Cross-site Scripting vulnerability in Lutim Project Lutim | Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | 6.1 |
2017-03-13 | CVE-2014-3926 | Cross-site Scripting vulnerability in LG Project LG | Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. | 6.1 |
2017-03-13 | CVE-2017-6807 | Cross-site Scripting vulnerability in Uninett MOD Auth Mellon | mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | 6.1 |
2017-03-13 | CVE-2015-6671 | Information Exposure vulnerability in EDX Edx-Platform | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | 5.9 |
2017-03-13 | CVE-2017-5621 | Cross-site Scripting vulnerability in Zammad | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 6.1 |
2017-03-13 | CVE-2017-5620 | Cross-site Scripting vulnerability in Zammad | An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 6.1 |
2017-03-13 | CVE-2015-4409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | 6.5 |
2017-03-13 | CVE-2015-4408 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | 6.5 |