Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-10 CVE-2017-8878 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
network
low complexity
asus CWE-200
6.5
2017-05-10 CVE-2017-8877 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
network
low complexity
asus CWE-200
6.5
2017-05-10 CVE-2017-8876 Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.11
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
network
low complexity
getsymphony CWE-79
6.1
2017-05-10 CVE-2017-8875 Cross-Site Request Forgery (CSRF) vulnerability in Codection Clean Login 1.7.12
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.
network
low complexity
codection CWE-352
6.5
2017-05-10 CVE-2016-10371 Improper Input Validation vulnerability in Libtiff 4.0.6
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
local
low complexity
libtiff CWE-20
5.5
2017-05-09 CVE-2017-0355 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.
local
low complexity
nvidia CWE-20
5.5
2017-05-09 CVE-2017-0354 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.
local
high complexity
nvidia CWE-20
4.7
2017-05-09 CVE-2017-0353 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service
local
low complexity
nvidia CWE-20
5.5
2017-05-09 CVE-2017-5527 SQL Injection vulnerability in Tibco products
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
network
low complexity
tibco CWE-89
6.5
2017-05-09 CVE-2017-7967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Vampset 2.2.145
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used.
local
low complexity
schneider-electric CWE-119
5.5