Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2017-12647 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12646 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12645 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2016-10404 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12643 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
network
low complexity
imagemagick debian CWE-770
6.5
2017-08-07 CVE-2017-9647 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Infineon S-Gold 2 PMB 8876
A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf.
low complexity
infineon CWE-119
6.6
2017-08-07 CVE-2017-7936 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NXP products
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx.
high complexity
nxp CWE-119
6.3
2017-08-07 CVE-2017-7932 Improper Certificate Validation vulnerability in NXP products
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus.
high complexity
nxp CWE-295
6.0
2017-08-07 CVE-2017-7916 Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.
network
low complexity
abb CWE-269
6.5
2017-08-07 CVE-2017-6770 Improper Input Validation vulnerability in Cisco products
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.
network
high complexity
cisco CWE-20
4.2