Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-09 | CVE-2017-7593 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. | 5.5 |
| 2017-04-09 | CVE-2017-7591 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 6.1 |
| 2017-04-09 | CVE-2017-7590 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 6.1 |
| 2017-04-09 | CVE-2017-7589 | Information Exposure vulnerability in Openidm Project Openidm 4.0.0/4.5.0 In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. | 6.5 |
| 2017-04-07 | CVE-2017-0586 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0585 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0584 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0560 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | 5.5 |
| 2017-04-07 | CVE-2017-0559 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-04-07 | CVE-2017-0558 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | 5.5 |