Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-10 | CVE-2017-7623 | Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0 | The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | local | low | entropymine | CWE-125 | 5.5 |
| 2017-04-10 | CVE-2017-7377 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | local | low | qemu, debian | CWE-772 | 6.0 |
| 2017-04-10 | CVE-2017-7345 | Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1 | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors. | network | low | netapp | CWE-200 | 5.3 |
| 2017-04-10 | CVE-2016-10310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SQL Anywhere 11.0/16.0/17.0 | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778. | network | low | sap | CWE-119 | 4.9 |
| 2017-04-10 | CVE-2017-7616 | 7PK - Errors vulnerability in Linux Kernel | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | local | low | linux | CWE-388 | 5.5 |
| 2017-04-10 | CVE-2016-10304 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Application Server Java 7.50 | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. | network | low | sap | CWE-502 | 6.5 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | network | low | smartbear | CWE-79 | 6.1 |
| 2017-04-10 | CVE-2016-5642 | Cross-site Scripting vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G | Opmantek NMIS before 8.5.12G has XSS via SNMP. | network | low | opmantek | CWE-79 | 5.4 |
| 2017-04-10 | CVE-2016-5078 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | network | low | paessler | CWE-79 | 6.1 |
| 2017-04-10 | CVE-2016-5077 | Cross-site Scripting vulnerability in Netikus Eventsentry 3.2.1.22/3.2.1.30/3.2.1.8 | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | network | low | netikus | CWE-79 | 6.1 |