Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-14 | CVE-2017-9463 | SQL Injection vulnerability in Piwigo The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. | 6.5 |
| 2017-06-14 | CVE-2017-7677 | Missing Authorization vulnerability in Apache Ranger In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | 5.9 |
| 2017-06-14 | CVE-2016-8751 | Cross-site Scripting vulnerability in Apache Ranger Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. | 4.8 |
| 2017-06-14 | CVE-2016-8746 | Untrusted Search Path vulnerability in Apache Ranger Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | 5.9 |
| 2017-06-14 | CVE-2017-9502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. | 5.3 |
| 2017-06-14 | CVE-2017-0651 | Information Exposure vulnerability in Linux Kernel 3.18 An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-06-14 | CVE-2017-0650 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-06-14 | CVE-2017-0647 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-06-14 | CVE-2017-0646 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-06-14 | CVE-2017-0645 | Information Exposure vulnerability in Google Android An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. | 5.5 |