Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-13 | CVE-2016-1915 | Cross-site Scripting vulnerability in Blackberry Enterprise Service Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | 6.1 |
| 2017-04-13 | CVE-2015-8864 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. | 6.1 |
| 2017-04-13 | CVE-2015-8283 | Path Traversal vulnerability in Seawell Networks Spectrum SDC 02.05.00 Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | 6.5 |
| 2017-04-13 | CVE-2015-8272 | NULL Pointer Dereference vulnerability in Rtmpdump Project Rtmpdump 2.4 RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). | 6.5 |
| 2017-04-13 | CVE-2015-8223 | Permission Issues vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. | 5.5 |
| 2017-04-13 | CVE-2015-7740 | Improper Input Validation vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | 5.5 |
| 2017-04-13 | CVE-2015-7565 | Cross-site Scripting vulnerability in Emberjs Ember.Js Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-04-13 | CVE-2015-1839 | Data Processing Errors vulnerability in multiple products modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-04-13 | CVE-2015-1838 | Data Processing Errors vulnerability in multiple products modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-04-13 | CVE-2014-2710 | Cross-site Scripting vulnerability in Oliver Project Oliver Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php). | 6.1 |