Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-5191 Cross-site Scripting vulnerability in Netiq Access Manager 4.2/4.3
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
network
low complexity
netiq CWE-79
6.1
2017-04-24 CVE-2017-2322 Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
local
low complexity
juniper CWE-400
5.5
2017-04-24 CVE-2016-3114 Permissions, Privileges, and Access Controls vulnerability in Kallithea 0.3.1
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
network
low complexity
kallithea CWE-264
6.5
2017-04-24 CVE-2016-3076 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
local
low complexity
python CWE-119
5.5
2017-04-24 CVE-2017-1000360 NULL Pointer Dereference vulnerability in Opendaylight 3.3/4.0
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql.
network
low complexity
opendaylight CWE-476
5.3
2017-04-24 CVE-2017-1000359 Resource Exhaustion vulnerability in Opendaylight 3.3/4.0
Java out of memory error and significant increase in resource consumption.
network
low complexity
opendaylight CWE-400
5.3
2017-04-24 CVE-2017-1000358 NULL Pointer Dereference vulnerability in Opendaylight 4.0
Controller throws an exception and does not allow user to add subsequent flow for a particular switch.
network
low complexity
opendaylight CWE-476
6.5
2017-04-24 CVE-2017-2340 Improper Input Validation vulnerability in Juniper Junos 15.1/16.1
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash.
network
low complexity
juniper CWE-20
5.3
2017-04-24 CVE-2017-2333 Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0
A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server.
network
low complexity
juniper CWE-400
6.5
2017-04-24 CVE-2017-2330 Excessive Iteration vulnerability in Juniper Northstar Controller 2.1.0
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted.
local
low complexity
juniper CWE-834
6.2