Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-05 | CVE-2017-6339 | Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. | 6.5 |
| 2017-04-05 | CVE-2017-6338 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | 6.5 |
| 2017-04-05 | CVE-2017-6975 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. | 6.8 |
| 2017-04-05 | CVE-2017-0330 | Information Exposure vulnerability in Linux Kernel 3.10 An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-05 | CVE-2017-0328 | Information Exposure vulnerability in Linux Kernel 3.10 An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-05 | CVE-2017-2671 | Unspecified vulnerability in Linux Kernel The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. | 5.5 |
| 2017-04-04 | CVE-2017-7418 | Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6 ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. | 5.5 |
| 2017-04-04 | CVE-2017-7234 | Open Redirect vulnerability in Djangoproject Django A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. | 6.1 |
| 2017-04-04 | CVE-2017-7233 | Open Redirect vulnerability in Djangoproject Django Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. | 6.1 |
| 2017-04-04 | CVE-2017-0360 | Improper Privilege Management vulnerability in Tryton file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. | 5.3 |