Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-11 CVE-2017-7674 Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin.
network
low complexity
apache CWE-345
4.3
2017-08-10 CVE-2017-7737 Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
network
low complexity
fortinet CWE-552
4.9
2017-08-10 CVE-2017-12798 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-08-10 CVE-2016-6812 Cross-site Scripting vulnerability in Apache CXF
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints.
network
low complexity
apache CWE-79
6.1
2017-08-10 CVE-2016-6794 When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager.
network
low complexity
apache debian redhat netapp canonical oracle
5.3
2017-08-10 CVE-2016-0762 Information Exposure Through Discrepancy vulnerability in multiple products
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist.
network
high complexity
apache canonical debian redhat netapp oracle CWE-203
5.9
2017-08-10 CVE-2017-1431 Cross-site Scripting vulnerability in IBM Infosphere Streams
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-08-10 CVE-2017-1377 Information Exposure vulnerability in IBM Runbook Automation
IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
4.3
2017-08-10 CVE-2017-1168 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-08-10 CVE-2014-0146 NULL Pointer Dereference vulnerability in Qemu
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
local
low complexity
qemu CWE-476
5.5