Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-24	CVE-2017-1212	Unspecified vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. network low complexity ibm	6.5
2017-10-24	CVE-2017-1209	Cross-site Scripting vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-10-24	CVE-2016-3049	Cross-site Scripting vulnerability in IBM Openpages GRC Platform 7.1/7.2/7.3 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. network low complexity ibm CWE-79	5.4
2017-10-24	CVE-2017-15874	Integer Underflow (Wrap or Wraparound) vulnerability in Busybox 1.27.2 archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. local low complexity busybox CWE-191	5.5
2017-10-24	CVE-2017-15873	Integer Overflow or Wraparound vulnerability in multiple products The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. local low complexity busybox debian canonical CWE-190	5.5
2017-10-24	CVE-2017-15872	Cross-site Scripting vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. network low complexity phpwcms CWE-79	4.8
2017-10-24	CVE-2017-15867	Cross-site Scripting vulnerability in User-Login-History Project User-Login-History Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. network low complexity user-login-history-project CWE-79	6.1
2017-10-24	CVE-2017-15863	Cross-site Scripting vulnerability in WP NO External Links Project WP NO External Links Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. network low complexity wp-no-external-links-project CWE-79	6.1
2017-10-24	CVE-2017-15223	Infinite Loop vulnerability in Argosoft Mini Mail Server 1.0.0.2 Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. network low complexity argosoft CWE-835	5.3
2017-10-24	CVE-2017-15186	Double Free vulnerability in Ffmpeg Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. network low complexity ffmpeg CWE-415	6.5

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium