Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-22 | CVE-2016-9910 | Cross-site Scripting vulnerability in Html5Lib 0.99999999 The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. | 6.1 |
| 2017-02-22 | CVE-2016-9909 | Cross-site Scripting vulnerability in Html5Lib 0.99999999 The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | 6.1 |
| 2017-02-22 | CVE-2016-9384 | Information Exposure vulnerability in XEN 4.7.0/4.7.1 Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | 6.5 |
| 2017-02-22 | CVE-2016-9378 | Improper Access Control vulnerability in XEN Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | 5.5 |
| 2017-02-22 | CVE-2016-9377 | Incorrect Calculation vulnerability in XEN Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | 5.5 |
| 2017-02-22 | CVE-2017-3847 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center 6.2.1 A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-02-22 | CVE-2017-3845 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-02-22 | CVE-2017-3844 | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. | 4.3 |
| 2017-02-22 | CVE-2017-3843 | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0 A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. | 4.3 |
| 2017-02-22 | CVE-2017-3842 | Information Exposure vulnerability in Cisco Intrusion Prevention System Device Manager 7.2(1)V7 A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. | 5.3 |