Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-06-14 | CVE-2017-9624 | Cross-site Scripting vulnerability in Epesi | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | network | low complexity | epesi | CWE-79 | 6.1 |
| 2017-06-14 | CVE-2017-9623 | Cross-site Scripting vulnerability in Epesi | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | network | low complexity | epesi | CWE-79 | 6.1 |
| 2017-06-14 | CVE-2017-9622 | Cross-site Scripting vulnerability in Epesi | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | network | low complexity | epesi | CWE-79 | 6.1 |
| 2017-06-14 | CVE-2017-9621 | Cross-site Scripting vulnerability in Epesi | Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | network | low complexity | epesi | CWE-79 | 6.1 |
| 2017-06-14 | CVE-2017-4986 | Information Exposure vulnerability in EMC Secure Remote Services 3.18 | EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | network | low complexity | emc | CWE-200 | 5.3 |
| 2017-06-14 | CVE-2017-9617 | Uncontrolled Recursion vulnerability in Wireshark 2.2.7 | In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | local | low complexity | wireshark | CWE-674 | 5.5 |
| 2017-06-14 | CVE-2017-9616 | Uncontrolled Recursion vulnerability in Wireshark 2.2.7 | In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | local | low complexity | wireshark | CWE-674 | 5.5 |
| 2017-06-14 | CVE-2017-9464 | Open Redirect vulnerability in Piwigo | An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. | network | low complexity | piwigo | CWE-601 | 6.1 |
| 2017-06-14 | CVE-2017-9463 | SQL Injection vulnerability in Piwigo | The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. | network | low complexity | piwigo | CWE-89 | 6.5 |
| 2017-06-14 | CVE-2017-7677 | Missing Authorization vulnerability in Apache Ranger | In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | network | high complexity | apache | CWE-862 | 5.9 |