Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-12 | CVE-2017-16794 | Out-of-bounds Read vulnerability in Swftools 0.9.2 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. | 5.5 |
2017-11-10 | CVE-2017-16785 | Cross-site Scripting vulnerability in Cacti 1.1.27 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | 6.1 |
2017-11-10 | CVE-2017-16784 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | 6.1 |
2017-11-10 | CVE-2017-16782 | Cross-site Scripting vulnerability in Home-Assistant In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | 6.1 |
2017-11-10 | CVE-2017-16781 | Cross-site Scripting vulnerability in Mybb The installer in MyBB before 1.8.13 has XSS. | 5.4 |
2017-11-10 | CVE-2017-16765 | Cross-site Scripting vulnerability in Dlink Dwr-933 Firmware 1.00(Ww)B17 XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | 6.1 |
2017-11-10 | CVE-2017-16761 | Open Redirect vulnerability in Inedo Buildmaster An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | 6.1 |
2017-11-10 | CVE-2017-16760 | Cross-site Scripting vulnerability in Inedo Buildmaster Inedo BuildMaster before 5.8.2 has XSS. | 6.1 |
2017-11-10 | CVE-2017-5201 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | 5.7 |
2017-11-10 | CVE-2017-16754 | Incorrect Permission Assignment for Critical Resource vulnerability in Boltcms Bolt Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | 5.3 |