Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-04-10 | CVE-2017-7623 | Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0 | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |
2017-04-10 | CVE-2017-7377 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | 6.0 |
2017-04-10 | CVE-2017-7345 | Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1 | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.3 |
2017-04-10 | CVE-2016-10310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SQL Anywhere 11.0/16.0/17.0 | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778. | 4.9 |
2017-04-10 | CVE-2017-7616 | 7PK - Errors vulnerability in Linux Kernel | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | 5.5 |
2017-04-10 | CVE-2016-10304 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Application Server Java 7.50 | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. | 6.5 |
2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | 6.1 |
2017-04-10 | CVE-2016-5642 | Cross-site Scripting vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G | Opmantek NMIS before 8.5.12G has XSS via SNMP. | 5.4 |
2017-04-10 | CVE-2016-5078 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | 6.1 |
2017-04-10 | CVE-2016-5077 | Cross-site Scripting vulnerability in Netikus Eventsentry 3.2.1.22/3.2.1.30/3.2.1.8 | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | 6.1 |