Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-13818 Information Exposure vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-13 CVE-2017-13817 Out-of-bounds Read vulnerability in Apple mac OS X
An out-of-bounds read issue was discovered in certain Apple products.
local
low complexity
apple CWE-125
5.5
2017-11-13 CVE-2017-13810 Information Exposure vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-13 CVE-2017-13804 Improper Input Validation vulnerability in Apple products
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-20
5.5
2017-11-13 CVE-2017-13790 Improper Input Validation vulnerability in Apple Safari
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-20
6.5
2017-11-13 CVE-2017-13789 Improper Input Validation vulnerability in Apple Safari
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-20
6.5
2017-11-13 CVE-2017-13786 Unspecified vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
low complexity
apple
4.6
2017-11-13 CVE-2017-13782 Information Exposure vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-12 CVE-2017-16799 Cross-site Scripting vulnerability in Cmsmadesimple 2.2.3.1
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
network
low complexity
cmsmadesimple CWE-79
5.4
2017-11-12 CVE-2017-16798 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
network
low complexity
cmsmadesimple CWE-79
5.4