Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2015-2255 | Data Processing Errors vulnerability in Huawei Ar1220 Firmware Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. | 5.9 |
| 2017-06-08 | CVE-2015-2253 | Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | 5.0 |
| 2017-06-08 | CVE-2014-6031 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. | 4.9 |
| 2017-06-08 | CVE-2014-4843 | Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | 5.3 |
| 2017-06-08 | CVE-2017-9520 | Use After Free vulnerability in Radare Radare2 1.5.0 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | 5.5 |
| 2017-06-08 | CVE-2017-9516 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | 5.4 |
| 2017-06-07 | CVE-2015-3295 | Improper Access Control vulnerability in Markdown-It Project Markdown-It 4.0.3 markdown-it before 4.1.0 does not block data: URLs. | 5.3 |
| 2017-06-07 | CVE-2014-9310 | Cross-site Scripting vulnerability in Wordpress Backup to Dropbox Project Wordpress Backup to Dropbox Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | 6.1 |
| 2017-06-07 | CVE-2015-8538 | Improper Input Validation vulnerability in Libdwarf Project Libdwarf dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | 6.5 |
| 2017-06-07 | CVE-2015-6959 | Cross-site Scripting vulnerability in Vindula 1.9 Cross-site scripting (XSS) vulnerability in Vindula 1.9. | 5.4 |