Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-02 | CVE-2016-5063 | Improper Authorization vulnerability in BMC Server Automation 8.6/8.7: The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | 5.3 |
2017-05-02 | CVE-2016-4467 | Improper Certificate Validation vulnerability in Apache Qpid Proton: The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 5.9 |
2017-05-02 | CVE-2016-4442 | Information Exposure vulnerability in Miniprofiler Rack-Mini-Profiler: The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | 5.3 |
2017-05-01 | CVE-2017-8401 | Out-of-bounds Read vulnerability in Swftools: In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. | 6.5 |
2017-05-01 | CVE-2017-6564 | Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332: On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. | 6.5 |
2017-05-01 | CVE-2017-8388 | Unspecified vulnerability in Genixcms 1.0.2: GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. | 5.3 |
2017-05-01 | CVE-2017-8376 | Cross-site Scripting vulnerability in Genixcms 1.0.2: GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | 5.4 |
2017-05-01 | CVE-2017-5631 | Cross-site Scripting vulnerability in KMC Information Systems Caseaware: An issue was discovered in KMCIS CaseAware. | 6.1 |
2017-05-01 | CVE-2017-8385 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS: Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | 5.3 |
2017-05-01 | CVE-2017-8384 | Cross-site Scripting vulnerability in Craftcms Craft CMS: Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. | 6.1 |