Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-23 | CVE-2018-5683 | Out-of-bounds Read vulnerability in multiple products: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 6.0 |
2018-01-23 | CVE-2017-18030 | Out-of-bounds Read vulnerability in multiple products: The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. | 4.4 |
2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
2018-01-23 | CVE-2017-2746 | Cross-site Scripting vulnerability in HP JetAdvantage Security Manager: Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. | 6.1 |
2018-01-23 | CVE-2017-2745 | Cross-site Scripting vulnerability in HP JetAdvantage Security Manager: Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. | 6.1 |
2018-01-23 | CVE-2017-2744 | Information Exposure vulnerability in HP Support Assistant: The vulnerability allows an attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1. | 5.5 |
2018-01-23 | CVE-2017-2743 | Cross-site Scripting vulnerability in HP products: HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. | 6.1 |
2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products: A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.3 |
2018-01-23 | CVE-2017-15094 | Missing Release of Resource after Effective Lifetime vulnerability in PowerDNS Recursor: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. | 5.9 |
2018-01-23 | CVE-2017-15093 | Improper Input Validation vulnerability in PowerDNS Recursor: When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. | 5.3 |