Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2014-6031 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. | 4.9 |
| 2017-06-08 | CVE-2014-4843 | Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | 5.3 |
| 2017-06-08 | CVE-2017-9520 | Use After Free vulnerability in Radare Radare2 1.5.0 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | 5.5 |
| 2017-06-08 | CVE-2017-9516 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | 5.4 |
| 2017-06-07 | CVE-2015-3295 | Improper Access Control vulnerability in Markdown-It Project Markdown-It 4.0.3 markdown-it before 4.1.0 does not block data: URLs. | 5.3 |
| 2017-06-07 | CVE-2014-9310 | Cross-site Scripting vulnerability in Wordpress Backup to Dropbox Project Wordpress Backup to Dropbox Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | 6.1 |
| 2017-06-07 | CVE-2015-8538 | Improper Input Validation vulnerability in Libdwarf Project Libdwarf dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | 6.5 |
| 2017-06-07 | CVE-2015-6959 | Cross-site Scripting vulnerability in Vindula 1.9 Cross-site scripting (XSS) vulnerability in Vindula 1.9. | 5.4 |
| 2017-06-07 | CVE-2015-6540 | Cross-site Scripting vulnerability in Igcb Intellect Digital Core Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | 6.1 |
| 2017-06-07 | CVE-2017-4905 | Use of Uninitialized Resource vulnerability in VMWare products VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. | 5.5 |