Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-1508 Unspecified vulnerability in IBM Informix Dynamic Server 12.10
IBM Informix Dynamic Server 12.1 could allow a local user logged in as a database administrator to gain root privileges.
local
low complexity
ibm
6.7
2017-09-13 CVE-2017-7560 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Rhnsd
It was found that rhnsd PID files are created world-writable, which allows local attackers to fill the disks or to kill selected processes.
local
low complexity
redhat CWE-732
5.5
2017-09-13 CVE-2017-14420 Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware
The D-Link NPAPI extension, as used on D-Link DIR-850L REV.
network
high complexity
dlink CWE-295
5.9
2017-09-13 CVE-2017-14419 Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware
The D-Link NPAPI extension, as used on D-Link DIR-850L REV.
network
high complexity
dlink CWE-295
5.9
2017-09-13 CVE-2017-14416 Cross-site Scripting vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
network
low complexity
dlink CWE-79
6.1
2017-09-13 CVE-2017-14415 Cross-site Scripting vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
network
low complexity
dlink CWE-79
6.1
2017-09-13 CVE-2017-14414 Cross-site Scripting vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
network
low complexity
dlink CWE-79
6.1
2017-09-13 CVE-2017-14413 Cross-site Scripting vulnerability in Dlink Dir-850L Firmware
D-Link DIR-850L REV.
network
low complexity
dlink CWE-79
6.1
2017-09-13 CVE-2017-3165 Cross-site Scripting vulnerability in Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources.
network
low complexity
apache CWE-79
5.4
2017-09-13 CVE-2017-14124 Improper Privilege Management vulnerability in Unicon-Software RP
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR, when classic desktop mode is used, it is possible to start applications other than those defined, even if the user does not have permissions to change application definitions.
local
high complexity
unicon-software CWE-269
6.3