Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-25 CVE-2015-3190 Open Redirect vulnerability in multiple products
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
network
low complexity
pivotal-software cloudfoundry CWE-601
6.1
2017-05-25 CVE-2015-1834 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2.
network
low complexity
pivotal-software cloudfoundry CWE-22
6.5
2017-05-24 CVE-2017-9216 NULL Pointer Dereference vulnerability in multiple products
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c.
network
low complexity
artifex debian CWE-476
6.5
2017-05-23 CVE-2017-8314 Path Traversal vulnerability in multiple products
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
local
low complexity
kodi debian CWE-22
5.5
2017-05-23 CVE-2017-8313 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2017-05-23 CVE-2017-8312 Out-of-bounds Read vulnerability in multiple products
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
local
low complexity
videolan debian CWE-125
5.5
2017-05-23 CVE-2017-8310 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet Fortios
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
low complexity
fortinet CWE-79
4.8
2017-05-23 CVE-2017-9211 NULL Pointer Dereference vulnerability in Linux Kernel
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
local
low complexity
linux CWE-476
5.5
2017-05-23 CVE-2017-5966 Path Traversal vulnerability in Sitecore CRM 8.1
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
network
low complexity
sitecore CWE-22
4.9