Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-20 | CVE-2016-1214 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1213 | Open Redirect vulnerability in Cybozu Garoon The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 6.1 |
| 2017-04-20 | CVE-2015-8959 | Resource Management Errors vulnerability in Imagemagick coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | 6.5 |
| 2017-04-20 | CVE-2015-8958 | Out-of-bounds Read vulnerability in Imagemagick coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | 6.5 |
| 2017-04-20 | CVE-2015-8957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | 6.5 |
| 2017-04-20 | CVE-2017-7718 | Out-of-bounds Read vulnerability in multiple products hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. | 5.5 |
| 2017-04-20 | CVE-2016-6347 | Cross-site Scripting vulnerability in Redhat Resteasy Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-20 | CVE-2016-6341 | Information Exposure vulnerability in Ovirt oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | 5.5 |
| 2017-04-20 | CVE-2016-6338 | Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0 ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | 6.8 |
| 2017-04-20 | CVE-2016-6336 | Improper Access Control vulnerability in Mediawiki MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. | 6.5 |