Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-16 CVE-2016-5854 Information Exposure vulnerability in Google Android
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.
local
high complexity
google CWE-200
4.7
2017-08-16 CVE-2016-5347 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.
local
high complexity
google CWE-200
4.7
2017-08-15 CVE-2017-12855 Information Exposure vulnerability in Xen
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use.
local
low complexity
xen CWE-200
6.5
2017-08-14 CVE-2017-1190 Unspecified vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system.
local
high complexity
ibm
6.4
2017-08-14 CVE-2016-6029 Information Exposure vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-08-14 CVE-2016-6021 Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-08-14 CVE-2017-11149 Server-Side Request Forgery (SSRF) vulnerability in Synology Download Station
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.
network
low complexity
synology CWE-918
6.5
2017-08-14 CVE-2017-9662 Improper Privilege Management vulnerability in Fuji Electric Monitouch V-SFT 5.4.42.0
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0.
local
low complexity
fujielectric CWE-269
5.3
2017-08-14 CVE-2017-9655 Cross-site Scripting vulnerability in OSIsoft products
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017.
network
low complexity
osisoft CWE-79
5.4
2017-08-14 CVE-2017-9802 Cross-site Scripting vulnerability in Apache Sling Servlets Post 2.3.20
The JavaScript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the JavaScript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
network
low complexity
apache CWE-79
6.1