Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2015-2255 Data Processing Errors vulnerability in Huawei Ar1220 Firmware
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
network
high complexity
huawei CWE-19
5.9
2017-06-08 CVE-2015-2253 Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
local
low complexity
huawei CWE-200
5.0
2017-06-08 CVE-2014-6031 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.
network
low complexity
f5 CWE-119
4.9
2017-06-08 CVE-2014-4843 Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
network
low complexity
ibm CWE-358
5.3
2017-06-08 CVE-2017-9520 Use After Free vulnerability in Radare Radare2 1.5.0
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
local
low complexity
radare CWE-416
5.5
2017-06-08 CVE-2017-9516 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
network
low complexity
craftcms CWE-79
5.4
2017-06-07 CVE-2015-3295 Improper Access Control vulnerability in Markdown-It Project Markdown-It 4.0.3
markdown-it before 4.1.0 does not block data: URLs.
network
low complexity
markdown-it-project CWE-284
5.3
2017-06-07 CVE-2014-9310 Cross-site Scripting vulnerability in Wordpress Backup to Dropbox Project Wordpress Backup to Dropbox
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.
6.1
2017-06-07 CVE-2015-8538 Improper Input Validation vulnerability in Libdwarf Project Libdwarf
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
network
low complexity
libdwarf-project CWE-20
6.5
2017-06-07 CVE-2015-6959 Cross-site Scripting vulnerability in Vindula 1.9
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
network
low complexity
vindula CWE-79
5.4