Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2017-14731 Out-of-bounds Read vulnerability in Libofx Project Libofx 0.9.12
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.
network
low complexity
libofx-project CWE-125
6.5
2017-09-25 CVE-2015-8375 Cross-site Scripting vulnerability in PHP-Fusion 9.00
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
network
low complexity
php-fusion CWE-79
5.4
2017-09-25 CVE-2015-8251 Information Exposure vulnerability in Unify products
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.
network
high complexity
unify CWE-200
5.9
2017-09-25 CVE-2015-7846 Information Exposure vulnerability in Huawei products
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.
low complexity
huawei CWE-200
4.6
2017-09-25 CVE-2015-7785 Improper Certificate Validation vulnerability in Comicsmart Ganma! 2.0.9
GANMA! App for iOS does not verify SSL certificates.
network
high complexity
comicsmart CWE-295
5.9
2017-09-25 CVE-2015-6592 7PK - Security Features vulnerability in Huawei Uap2105 Firmware
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
low complexity
huawei CWE-254
6.8
2017-09-25 CVE-2015-5666 Improper Certificate Validation vulnerability in ANA ALL Nippon Airways 3.1.1/3.3.6
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
network
high complexity
ana CWE-295
5.9
2017-09-25 CVE-2015-5327 Out-of-bounds Read vulnerability in Linux Kernel 4.3
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
network
low complexity
linux CWE-125
6.5
2017-09-25 CVE-2015-5181 Cross-site Scripting vulnerability in Redhat Jboss A-Mq
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
network
low complexity
redhat CWE-79
5.4
2017-09-25 CVE-2015-5169 Cross-site Scripting vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
network
low complexity
apache CWE-79
6.1