Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-21 | CVE-2016-1210 | Improper Certificate Validation vulnerability in the Hyakugo Bank 105 Bank 1.0/1.1 | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high complexity | the-hyakugo-bank | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1198 | Improper Certificate Validation vulnerability in NTT Photopt 1.0.0/1.1.0 | Photopt for Android before 2.0.1 does not verify SSL certificates. | network | high complexity | ntt | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1187 | Information Exposure vulnerability in Cybozu Kunai | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | network | high complexity | cybozu | CWE-200 | 6.8 |
| 2017-04-21 | CVE-2016-1186 | Improper Certificate Validation vulnerability in Cybozu Kintone | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | network | high complexity | cybozu | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2017-7994 | NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5 | The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | network | low complexity | podofo-project | CWE-476 | 6.5 |
| 2017-04-21 | CVE-2016-6519 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | network | low complexity | redhat openstack | CWE-79 | 5.4 |
| 2017-04-21 | CVE-2017-7992 | Cross-site Scripting vulnerability in Heartland Payment Systems Heartland-PHP | Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | network | low complexity | heartland-payment-systems | CWE-79 | 6.1 |
| 2017-04-21 | CVE-2016-4841 | Improper Input Validation vulnerability in Cybozu Mailwise | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | network | low complexity | cybozu | CWE-20 | 4.3 |
| 2017-04-21 | CVE-2016-4840 | Improper Certificate Validation vulnerability in Toshiba Coordinate Plus 1.0.2 | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | network | high complexity | toshiba | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-4832 | Improper Certificate Validation vulnerability in Aeon Waon 1.4.1 | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | network | high complexity | aeon | CWE-295 | 5.9 |