Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2016-5755 Improper Input Validation vulnerability in Netiq Access Manager 4.1/4.2
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
network
low complexity
netiq CWE-20
6.5
2017-03-23 CVE-2016-5751 Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
network
low complexity
netiq CWE-79
6.1
2017-03-23 CVE-2016-5749 XXE vulnerability in Netiq Access Manager 4.1/4.2
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
local
low complexity
netiq CWE-611
5.5
2017-03-23 CVE-2016-5748 XXE vulnerability in Netiq Access Manager 4.1/4.2
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
local
low complexity
netiq CWE-611
5.5
2017-03-23 CVE-2016-1603 Information Exposure vulnerability in Novell Netiq IDM Servicenow Driver
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
network
low complexity
novell CWE-200
6.5
2017-03-22 CVE-2017-5673 Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS.
network
low complexity
kunena CWE-79
6.1
2017-03-22 CVE-2017-7224 Out-of-bounds Write vulnerability in GNU Binutils 2.28
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
local
low complexity
gnu CWE-787
5.5
2017-03-22 CVE-2014-9840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
local
low complexity
imagemagick CWE-119
5.5
2017-03-22 CVE-2014-9838 Unspecified vulnerability in Imagemagick 6.8.99
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
local
low complexity
imagemagick
5.5
2017-03-22 CVE-2014-9836 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
local
low complexity
imagemagick CWE-119
5.5