Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-3839 NULL Pointer Dereference vulnerability in Google Android
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
local
low complexity
google CWE-476
5.5
5.5
2017-08-07 CVE-2009-5145 Cross-site Scripting vulnerability in Zope
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
network
low complexity
zope CWE-79
6.1
6.1
2017-08-07 CVE-2017-12649 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12648 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12647 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12646 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12645 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2016-10404 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12643 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
network
low complexity
imagemagick debian CWE-770
6.5
6.5
2017-08-07 CVE-2017-9647 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Infineon S-Gold 2 PMB 8876
A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf.
low complexity
infineon CWE-119
6.6
6.6