Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-10 | CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. | 5.3 |
| 2017-08-10 | CVE-2016-0762 | Information Exposure Through Discrepancy vulnerability in multiple products The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. | 5.9 |
| 2017-08-10 | CVE-2017-1431 | Cross-site Scripting vulnerability in IBM Infosphere Streams IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-10 | CVE-2017-1377 | Information Exposure vulnerability in IBM Runbook Automation IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. | 4.3 |
| 2017-08-10 | CVE-2017-1168 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-10 | CVE-2014-0146 | NULL Pointer Dereference vulnerability in Qemu The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. | 5.5 |
| 2017-08-10 | CVE-2014-0142 | Divide By Zero vulnerability in Qemu QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. | 5.5 |
| 2017-08-10 | CVE-2017-3753 | Code Injection vulnerability in Lenovo products A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. | 6.8 |
| 2017-08-09 | CVE-2017-12777 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. | 6.1 |
| 2017-08-09 | CVE-2017-0739 | Information Exposure vulnerability in Google Android A information disclosure vulnerability in the Android media framework (libhevc). | 5.5 |