Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2015-6540 Cross-site Scripting vulnerability in Igcb Intellect Digital Core
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
network
low complexity
igcb CWE-79
6.1
2017-06-07 CVE-2017-4905 Use of Uninitialized Resource vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage.
local
low complexity
vmware CWE-908
5.5
2017-06-07 CVE-2017-4900 NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver.
local
low complexity
vmware CWE-476
5.5
2017-06-07 CVE-2017-4899 Out-of-bounds Read vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver.
local
high complexity
vmware CWE-125
4.7
2017-06-07 CVE-2017-1305 Cross-site Scripting vulnerability in IBM Rational Doors Next Generation 6.0.2/6.0.3
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-07 CVE-2017-1178 Cross-site Scripting vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-06-07 CVE-2016-9710 Information Exposure vulnerability in IBM Cognos Business Intelligence Server
IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files.
network
low complexity
ibm CWE-200
5.3
2017-06-07 CVE-2016-8939 Information Exposure vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised.
local
low complexity
ibm CWE-200
5.5
2017-06-07 CVE-2016-6089 Improper Access Control vulnerability in IBM Websphere MQ 9.0.0.0/9.0.1
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls.
local
low complexity
ibm CWE-284
5.5
2017-06-07 CVE-2016-5960 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-200
5.5