Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-25 | CVE-2017-14731 | Out-of-bounds Read vulnerability in Libofx Project Libofx 0.9.12 ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | 6.5 |
| 2017-09-25 | CVE-2015-8375 | Cross-site Scripting vulnerability in PHP-Fusion 9.00 Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 5.4 |
| 2017-09-25 | CVE-2015-8251 | Information Exposure vulnerability in Unify products OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | 5.9 |
| 2017-09-25 | CVE-2015-7846 | Information Exposure vulnerability in Huawei products Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | 4.6 |
| 2017-09-25 | CVE-2015-7785 | Improper Certificate Validation vulnerability in Comicsmart Ganma! 2.0.9 GANMA! App for iOS does not verify SSL certificates. | 5.9 |
| 2017-09-25 | CVE-2015-6592 | 7PK - Security Features vulnerability in Huawei Uap2105 Firmware Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | 6.8 |
| 2017-09-25 | CVE-2015-5666 | Improper Certificate Validation vulnerability in ANA ALL Nippon Airways 3.1.1/3.3.6 ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | 5.9 |
| 2017-09-25 | CVE-2015-5327 | Out-of-bounds Read vulnerability in Linux Kernel 4.3 Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | 6.5 |
| 2017-09-25 | CVE-2015-5181 | Cross-site Scripting vulnerability in Redhat Jboss A-Mq The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 5.4 |
| 2017-09-25 | CVE-2015-5169 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 6.1 |