Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2017-08-09 CVE-2015-0783 Information Exposure vulnerability in Novell Zenworks Configuration Management
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
network
low complexity
novell CWE-200
6.5

2017-08-09 CVE-2014-9701 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
network
low complexity
mantisbt CWE-79
6.5

2017-08-09 CVE-2014-6393 Cross-site Scripting vulnerability in Openjsf Express
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
network
low complexity
openjsf CWE-79
6.1

2017-08-09 CVE-2014-5144 Cross-site Scripting vulnerability in Telescopeapp Telescope 0.9.0
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
network
low complexity
telescopeapp CWE-79
5.4

2017-08-09 CVE-2015-5619 Improper Certificate Validation vulnerability in multiple products
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
network
high complexity
elasticsearch elastic CWE-295
5.9

2017-08-09 CVE-2017-5695 Improper Input Validation vulnerability in Intel products
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors.
low complexity
intel CWE-20
4.6

2017-08-09 CVE-2017-5694 Unspecified vulnerability in Intel SSD PRO 6000P Firmware Psf104P/Psf109P
Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.
low complexity
intel
4.6

2017-08-08 CVE-2017-8673 Unspecified vulnerability in Microsoft Windows 10 1703
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."
network
high complexity
microsoft
5.9

2017-08-08 CVE-2017-8668 Information Exposure vulnerability in Microsoft products
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5

2017-08-08 CVE-2017-8666 Information Exposure vulnerability in Microsoft products
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5