Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-02 CVE-2017-7216 Information Exposure vulnerability in Palo Alto Networks PAN-OS
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.
network
low complexity
paloaltonetworks CWE-200
6.5
2017-05-02 CVE-2017-8112 Infinite Loop vulnerability in multiple products
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
local
low complexity
qemu debian CWE-835
6.5
2017-05-02 CVE-2017-8086 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
local
low complexity
qemu debian CWE-772
6.5
2017-05-02 CVE-2017-7440 Improper Restriction of Rendered UI Layers or Frames vulnerability in GFI Kerio Connect and Kerio Connect Client
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.
network
low complexity
gfi CWE-1021
6.5
2017-05-02 CVE-2016-5810 Information Exposure vulnerability in Advantech WebAccess
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
network
low complexity
advantech CWE-200
4.9
2017-05-02 CVE-2016-5063 Improper Authorization vulnerability in BMC Server Automation 8.6/8.7
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
network
low complexity
bmc CWE-285
5.3
2017-05-02 CVE-2016-4467 Improper Certificate Validation vulnerability in Apache Qpid Proton
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
network
high complexity
apache CWE-295
5.9
2017-05-02 CVE-2016-4442 Information Exposure vulnerability in MiniProfiler rack-mini-profiler
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.
network
low complexity
miniprofiler CWE-200
5.3
2017-05-01 CVE-2017-8401 Out-of-bounds Read vulnerability in SWFTools
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724.
network
low complexity
swftools CWE-125
6.5
2017-05-01 CVE-2017-6564 Missing Authorization vulnerability in Franklin Fueling Systems TS-550 evo Firmware 2.3.0.7332
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can post to the idSourceFileName parameter found within the /download directory.
network
low complexity
franklinfueling CWE-862
6.5