Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2016-3031 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-05 CVE-2016-3015 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-05 CVE-2014-9829 Out-of-bounds Read vulnerability in ImageMagick
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
network
low complexity
imagemagick CWE-125
6.5
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
low complexity
trendmicro CWE-79
5.4
2017-04-05 CVE-2017-6339 Weak Password Requirements vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.
network
low complexity
trendmicro CWE-521
6.5
2017-04-05 CVE-2017-6338 Incorrect Permission Assignment for Critical Resource vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network
low complexity
trendmicro CWE-732
6.5
2017-04-05 CVE-2017-6975 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point.
low complexity
apple CWE-119
6.8
2017-04-05 CVE-2017-0330 Information Exposure vulnerability in Linux Kernel 3.10
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels.
local
high complexity
linux CWE-200
4.7
2017-04-05 CVE-2017-0328 Information Exposure vulnerability in Linux Kernel 3.10
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels.
local
high complexity
linux CWE-200
4.7
2017-04-05 CVE-2017-2671 Unspecified vulnerability in Linux Kernel
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
local
low complexity
linux
5.5