Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-02-24 | CVE-2016-4487 | Use After Free vulnerability in GNU Libiberty | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | local | low | gnu | CWE-416 | 5.5 |
| 2017-02-24 | CVE-2016-4043 | Permissions, Privileges, and Access Controls vulnerability in Plone | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | network | low | plone | CWE-264 | 4.9 |
| 2017-02-24 | CVE-2016-4042 | Information Exposure vulnerability in Plone | Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | network | low | plone | CWE-200 | 5.3 |
| 2017-02-24 | CVE-2017-6299 | Infinite Loop vulnerability in multiple products | An issue was discovered in ytnef before 1.9.1. | local | low | ytnef-project, debian | CWE-835 | 5.5 |
| 2017-02-24 | CVE-2017-6197 | NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1 | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. | local | low | radare | CWE-476 | 5.5 |
| 2017-02-24 | CVE-2017-6099 | Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1 | Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | network | low | paypal | CWE-79 | 6.1 |
| 2017-02-24 | CVE-2017-6076 | Information Exposure vulnerability in Wolfssl | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | local | low | wolfssl | CWE-200 | 5.5 |
| 2017-02-24 | CVE-2014-9916 | Cross-site Scripting vulnerability in Bilboplanet 2.0 | Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. | network | low | bilboplanet | CWE-79 | 6.1 |
| 2017-02-23 | CVE-2016-6055 | Cross-site Scripting vulnerability in IBM products | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-02-23 | CVE-2016-5883 | Cross-site Scripting vulnerability in IBM Inotes | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 6.1 |