Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-05-28 | CVE-2017-7296 | Cross-site Scripting vulnerability in Contiki-Os Contiki 3.0 | An issue was discovered in Contiki Operating System 3.0. | network | low | contiki-os | CWE-79 | 6.1 |
| 2017-05-28 | CVE-2016-10376 | Cryptographic Issues vulnerability in Gajim | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. | network | low | gajim | CWE-310 | 4.5 |
| 2017-05-27 | CVE-2017-9242 | Improper Input Validation vulnerability in Linux Kernel | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | local | low | linux | CWE-20 | 5.5 |
| 2017-05-27 | CVE-2017-7343 | Open Redirect vulnerability in Fortinet Fortiportal | An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | network | low | fortinet | CWE-601 | 6.1 |
| 2017-05-27 | CVE-2017-7339 | Cross-site Scripting vulnerability in Fortinet Fortiportal | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | network | low | fortinet | CWE-79 | 6.1 |
| 2017-05-27 | CVE-2017-3129 | Cross-site Scripting vulnerability in Fortinet Fortiweb | A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | network | low | fortinet | CWE-79 | 6.1 |
| 2017-05-27 | CVE-2017-3126 | Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware | An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | network | low | fortinet | CWE-601 | 6.1 |
| 2017-05-26 | CVE-2017-5646 | Origin Validation Error vulnerability in Apache Knox | For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. | network | high | apache | CWE-346 | 6.8 |
| 2017-05-26 | CVE-2017-8542 | Uncontrolled Recursion vulnerability in Microsoft products | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. | local | low | microsoft | CWE-674 | 5.5 |
| 2017-05-26 | CVE-2017-8539 | Uncontrolled Recursion vulnerability in Microsoft products | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. | local | low | microsoft | CWE-674 | 5.5 |