Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2017-7994 NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
network
low complexity
podofo-project CWE-476
6.5
2017-04-21 CVE-2016-6519 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
network
low complexity
redhat openstack CWE-79
5.4
2017-04-21 CVE-2017-7992 Cross-site Scripting vulnerability in Heartland Payment Systems Heartland-PHP
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.
network
low complexity
heartland-payment-systems CWE-79
6.1
2017-04-21 CVE-2016-4841 Improper Input Validation vulnerability in Cybozu Mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
network
low complexity
cybozu CWE-20
4.3
2017-04-21 CVE-2016-4840 Improper Certificate Validation vulnerability in Toshiba Coordinate Plus 1.0.2
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
network
high complexity
toshiba CWE-295
5.9
2017-04-21 CVE-2016-4832 Improper Certificate Validation vulnerability in Aeon Waon 1.4.1
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.
network
high complexity
aeon CWE-295
5.9
2017-04-21 CVE-2016-4830 Improper Certificate Validation vulnerability in Akindo-Sushiro Sushiro
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates.
network
high complexity
akindo-sushiro CWE-295
5.9
2017-04-21 CVE-2016-4829 Improper Certificate Validation vulnerability in DMM PPV Play Player 1.2.0/2.1.2
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.
network
high complexity
dmm CWE-295
5.9
2017-04-21 CVE-2016-1194 Resource Management Errors vulnerability in Cybozu Garoon 4.2.0
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
network
low complexity
cybozu CWE-399
6.5
2017-04-21 CVE-2016-1184 Improper Certificate Validation vulnerability in Tokyostarbank Tokyo Star Bank 1.3
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
network
high complexity
tokyostarbank CWE-295
5.9