Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-01	CVE-2017-1147	Cross-site Scripting vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-11-01	CVE-2017-1000122	Improper Input Validation vulnerability in Webkitgtk Webkitgtk+ The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. network low complexity webkitgtk CWE-20	5.3
2017-11-01	CVE-2016-3048	Cross-site Scripting vulnerability in IBM Openpages GRC Platform IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-11-01	CVE-2017-16359	NULL Pointer Dereference vulnerability in Radare Radare2 2.0.1 In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. local low complexity radare CWE-476	5.5
2017-11-01	CVE-2017-14992	Improper Input Validation vulnerability in Docker Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. network low complexity docker CWE-20	6.5
2017-11-01	CVE-2017-1001001	Cross-site Scripting vulnerability in Pluxml 5.6 PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. network low complexity pluxml CWE-79	5.4
2017-11-01	CVE-2017-16353	Out-of-bounds Read vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. network low complexity graphicsmagick debian CWE-125	6.5
2017-11-01	CVE-2017-12625	Information Exposure vulnerability in Apache Hive Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. network low complexity apache CWE-200	4.3
2017-11-01	CVE-2017-1000243	Missing Authorization vulnerability in Jenkins Favorite Plugin Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites network low complexity jenkins CWE-862	4.3
2017-10-31	CVE-2017-1000383	Information Exposure vulnerability in GNU Emacs GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. local low complexity gnu CWE-200	5.5

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium