Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-26 | CVE-2017-9239 | Divide By Zero vulnerability in multiple products An issue was discovered in Exiv2 0.26. | 6.5 |
| 2017-05-26 | CVE-2017-9037 | Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi. | 6.1 |
| 2017-05-26 | CVE-2017-9032 | Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi. | 6.1 |
| 2017-05-26 | CVE-2017-5868 | CRLF Injection vulnerability in Openvpn Access Server 2.1.4 CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | 6.1 |
| 2017-05-25 | CVE-2016-2165 | Improper Input Validation vulnerability in multiple products The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. | 6.5 |
| 2017-05-25 | CVE-2016-0781 | Cross-site Scripting vulnerability in multiple products The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | 6.1 |
| 2017-05-25 | CVE-2015-3190 | Open Redirect vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | 6.1 |
| 2017-05-25 | CVE-2015-1834 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. | 6.5 |
| 2017-05-24 | CVE-2017-9216 | NULL Pointer Dereference vulnerability in multiple products libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. | 6.5 |
| 2017-05-23 | CVE-2017-8314 | Path Traversal vulnerability in multiple products Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | 5.5 |