Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2017-6656 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series 11.0(0.1)
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting.
network
high complexity
cisco CWE-20
5.9
2017-06-13 CVE-2017-6655 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.
low complexity
cisco CWE-119
6.5
2017-06-13 CVE-2017-4974 SQL Injection vulnerability in multiple products
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1.
network
low complexity
pivotal-software cloudfoundry CWE-89
6.5
2017-06-13 CVE-2017-4971 Insecure Default Initialization of Resource vulnerability in Pivotal Spring Web Flow
An issue was discovered in Pivotal Spring Web Flow through 2.4.4.
network
high complexity
pivotal CWE-1188
5.9
2017-06-13 CVE-2017-4970 Unspecified vulnerability in Cloudfoundry Cf-Release and Staticfile Buildpack
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3.
network
high complexity
cloudfoundry
5.9
2017-06-13 CVE-2017-4967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
2017-06-13 CVE-2017-4965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
2017-06-13 CVE-2016-8219 Improper Privilege Management vulnerability in Cloudfoundry Capi-Release and Cf-Release
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0.
network
low complexity
cloudfoundry CWE-269
6.5
2017-06-12 CVE-2015-9097 CRLF Injection vulnerability in Mail Project Mail
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
mail-project CWE-93
6.1
2017-06-12 CVE-2015-9096 CRLF Injection vulnerability in Ruby-Lang Ruby
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
ruby-lang CWE-93
6.1