Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-12 CVE-2017-16794 Out-of-bounds Read vulnerability in Swftools 0.9.2
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
local
low complexity
swftools CWE-125
5.5
2017-11-10 CVE-2017-16785 Cross-site Scripting vulnerability in Cacti 1.1.27
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
network
low complexity
cacti CWE-79
6.1
2017-11-10 CVE-2017-16784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
network
low complexity
cmsmadesimple CWE-79
6.1
2017-11-10 CVE-2017-16782 Cross-site Scripting vulnerability in Home-Assistant
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
network
low complexity
home-assistant CWE-79
6.1
2017-11-10 CVE-2017-16781 Cross-site Scripting vulnerability in Mybb
The installer in MyBB before 1.8.13 has XSS.
network
low complexity
mybb CWE-79
5.4
2017-11-10 CVE-2017-16765 Cross-site Scripting vulnerability in Dlink Dwr-933 Firmware 1.00(Ww)B17
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
network
low complexity
dlink CWE-79
6.1
2017-11-10 CVE-2017-16761 Open Redirect vulnerability in Inedo Buildmaster
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
network
low complexity
inedo CWE-601
6.1
2017-11-10 CVE-2017-16760 Cross-site Scripting vulnerability in Inedo Buildmaster
Inedo BuildMaster before 5.8.2 has XSS.
network
low complexity
inedo CWE-79
6.1
2017-11-10 CVE-2017-5201 Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
low complexity
netapp CWE-200
5.7
2017-11-10 CVE-2017-16754 Incorrect Permission Assignment for Critical Resource vulnerability in Boltcms Bolt
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
network
low complexity
boltcms CWE-732
5.3