Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-0887 Improper Input Validation vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation.
network
low complexity
nextcloud CWE-20
4.3
4.3
2017-04-05 CVE-2017-0886 Uncontrolled Recursion vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack.
network
low complexity
nextcloud CWE-674
6.5
6.5
2017-04-05 CVE-2017-0885 Information Exposure vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share.
network
low complexity
nextcloud CWE-200
4.3
4.3
2017-04-05 CVE-2017-0884 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network
low complexity
nextcloud CWE-732
4.3
4.3
2017-04-05 CVE-2017-0883 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network
low complexity
nextcloud CWE-732
6.4
6.4
2017-04-05 CVE-2017-1180 Unspecified vulnerability in IBM Tririga Application Platform
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to.
network
high complexity
ibm
5.3
5.3
2017-04-05 CVE-2016-3031 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-04-05 CVE-2016-3015 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-04-05 CVE-2014-9829 Out-of-bounds Read vulnerability in Imagemagick
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
network
low complexity
imagemagick CWE-125
6.5
6.5
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
low complexity
trendmicro CWE-79
5.4
5.4