Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-26 | CVE-2015-6670 | Unauthorized Access vulnerability in ownCloud ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. | 4.0 |
| 2015-10-26 | CVE-2015-5288 | Information Exposure vulnerability in Postgresql The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | 6.4 |
| 2015-10-25 | CVE-2015-6484 | NULL Pointer Dereference Remote Denial of Service vulnerability in CODESYS Gateway Server 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | 5.0 |
| 2015-10-25 | CVE-2015-6341 | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software 7.4.140.0/8.0.120.0 The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. | 5.0 |
| 2015-10-25 | CVE-2015-1003 | Path Traversal vulnerability in Ininet Solutions Scada web Server Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 5.0 |
| 2015-10-25 | CVE-2015-1002 | Unspecified vulnerability in Ininet Solutions Scada web Server IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. | 6.4 |
| 2015-10-23 | CVE-2015-7023 | Code vulnerability in Apple Iphone OS and mac OS X CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | 5.8 |
| 2015-10-23 | CVE-2015-7020 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. | 5.6 |
| 2015-10-23 | CVE-2015-7019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020. | 5.6 |
| 2015-10-23 | CVE-2015-7018 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. | 6.8 |