Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-4842 Information Exposure vulnerability in Cybozu Mailwise
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
network
low complexity
cybozu CWE-200
4.3
4.3
2017-04-20 CVE-2016-4818 Improper Certificate Validation vulnerability in DMM products
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.
network
high complexity
dmm CWE-295
5.9
5.9
2017-04-20 CVE-2016-1220 Improper Access Control vulnerability in Cybozu Garoon
Cybozu Garoon before 4.2.2 does not properly restrict access.
network
low complexity
cybozu CWE-284
4.3
4.3
2017-04-20 CVE-2016-1217 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1216 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1215 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1214 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1213 Open Redirect vulnerability in Cybozu Garoon
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
network
low complexity
cybozu CWE-601
6.1
6.1
2017-04-20 CVE-2015-8959 Resource Management Errors vulnerability in Imagemagick
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
network
low complexity
imagemagick CWE-399
6.5
6.5
2017-04-20 CVE-2015-8958 Out-of-bounds Read vulnerability in Imagemagick
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
network
low complexity
imagemagick CWE-125
6.5
6.5