Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-10 | CVE-2017-8878 | Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266 ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | 6.5 |
2017-05-10 | CVE-2017-8877 | Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266 ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | 6.5 |
2017-05-10 | CVE-2017-8876 | Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.11 Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | 6.1 |
2017-05-10 | CVE-2017-8875 | Cross-Site Request Forgery (CSRF) vulnerability in Codection Clean Login 1.7.12 CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | 6.5 |
2017-05-10 | CVE-2016-10371 | Improper Input Validation vulnerability in Libtiff 4.0.6 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | 5.5 |
2017-05-09 | CVE-2017-0355 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | 5.5 |
2017-05-09 | CVE-2017-0354 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service. | 4.7 |
2017-05-09 | CVE-2017-0353 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service | 5.5 |
2017-05-09 | CVE-2017-5527 | SQL Injection vulnerability in Tibco products TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | 6.5 |
2017-05-09 | CVE-2017-7967 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Vampset 2.2.145 All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. | 5.5 |