Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-13 | CVE-2016-4546 | Improper Input Validation vulnerability in Samsung Mobile 4.4/5.0/5.1 Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | 5.5 |
| 2017-02-13 | CVE-2016-2787 | Improper Access Control vulnerability in multiple products The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | 5.3 |
| 2017-02-13 | CVE-2015-8750 | NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | 6.5 |
| 2017-02-13 | CVE-2014-9760 | Cross-site Scripting vulnerability in Gosa Project Gosa Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. | 6.1 |
| 2017-02-13 | CVE-2016-6210 | Information Exposure vulnerability in Openbsd Openssh sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. | 5.9 |
| 2017-02-13 | CVE-2017-3902 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | 5.4 |
| 2017-02-13 | CVE-2017-3896 | Improper Input Validation vulnerability in Mcafee Agent Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. | 5.9 |
| 2017-02-12 | CVE-2017-5964 | Cross-site Scripting vulnerability in Openenergymonitor Emoncms An issue was discovered in Emoncms through 9.8.0. | 6.1 |
| 2017-02-12 | CVE-2017-5963 | Cross-site Scripting vulnerability in Caddy Project Caddy An issue was discovered in caddy (for TYPO3) before 7.2.10. | 6.1 |
| 2017-02-12 | CVE-2017-5962 | Cross-site Scripting vulnerability in Netresearch Contexts Wurfl An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. | 6.1 |