Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-11 CVE-2017-5969 NULL Pointer Dereference vulnerability in Xmlsoft libxml2 2.9.4
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.
local
high complexity
xmlsoft CWE-476
4.7
2017-04-11 CVE-2017-7461 Path Traversal vulnerability in Intellinet-Network NFC-30ir Firmware LM.1.6.16.05
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read an HTML text file, but that does not do any URI/path sanitization.
network
low complexity
intellinet-network CWE-22
4.9
2017-04-11 CVE-2017-5873 Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
local
low complexity
unisys CWE-428
6.7
2017-04-11 CVE-2017-5672 Information Exposure vulnerability in Kony Enterprise Mobile Management 1.2/4.2.0
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
network
low complexity
kony CWE-200
6.5
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
low complexity
kernel redhat ibm
4.6
2017-04-11 CVE-2016-7467 Improper Input Validation vulnerability in F5 BIG-IP Access Policy Manager
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
network
high complexity
f5 CWE-20
5.3
2017-04-11 CVE-2016-10259 Resource Management Errors vulnerability in Bluecoat products
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections.
network
high complexity
bluecoat CWE-399
5.9
2017-04-11 CVE-2017-7621 Cross-site Scripting vulnerability in AuroMeera eMLi 1.0
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt.
network
low complexity
auromeera CWE-79
6.1
2017-04-10 CVE-2017-7646 Information Exposure vulnerability in SolarWinds Log & Event Manager 6.3.1
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
network
low complexity
solarwinds CWE-200
6.5
2017-04-10 CVE-2017-7624 Missing Release of Resource after Effective Lifetime vulnerability in Entropymine ImageWorsener 1.3.0
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
local
low complexity
entropymine CWE-772
5.5