Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-03 | CVE-2017-1324 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager: IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
2017-10-03 | CVE-2017-12792 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5: Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. | 6.1 |
2017-10-03 | CVE-2015-7980 | Cross-site Scripting vulnerability in Compass Rose Project Compass Rose 6.X1.0: Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable." | 6.1 |
2017-10-03 | CVE-2015-7357 | Cross-site Scripting vulnerability in Udesign Project Udesign: Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by `#<svg onload=alert(1)>`. | 6.1 |
2017-10-03 | CVE-2015-3321 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager: Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | 6.7 |
2017-10-03 | CVE-2014-0043 | Information Exposure vulnerability in Apache Wicket 1.5.10/6.13.0: In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use. | 5.3 |
2017-10-02 | CVE-2017-14974 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29: The `*_get_synthetic_symtab` functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 5.5 |
2017-10-02 | CVE-2017-14970 | Missing Release of Resource after Effective Lifetime vulnerability in Openvswitch: In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. | 5.9 |
2017-10-02 | CVE-2017-14957 | Cross-site Scripting vulnerability in Blogotext Project Blogotext: Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. | 6.1 |
2017-10-02 | CVE-2017-14955 | Race Condition vulnerability in Checkmk: Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 5.9 |