Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-19 | CVE-2017-6142 | Improper Certificate Validation vulnerability in F5 BIG-IP Advanced Firewall Manager: X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 4.8 |
2018-01-19 | CVE-2017-1693 | Insufficient Session Expiration vulnerability in IBM Integration Bus: IBM Integration Bus 9.0 and 10.0 could allow an attacker who has captured a valid session ID to hijack another user's session during a small timeframe before the session times out. | 5.6 |
2018-01-19 | CVE-2018-5786 | Infinite Loop vulnerability in multiple products: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). | 5.5 |
2018-01-19 | CVE-2018-5785 | Integer Overflow or Wraparound vulnerability in multiple products: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). | 6.5 |
2018-01-19 | CVE-2018-5784 | Resource Exhaustion vulnerability in multiple products: In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. | 6.5 |
2018-01-19 | CVE-2018-5783 | Allocation of Resources Without Limits or Throttling vulnerability in PoDoFo Project PoDoFo 0.9.5: In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). | 5.5 |
2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
2018-01-18 | CVE-2012-6708 | Cross-site Scripting vulnerability in jQuery: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. | 6.1 |
2018-01-18 | CVE-2018-5776 | Cross-site Scripting vulnerability in WordPress: WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | 6.1 |
2018-01-18 | CVE-2017-17860 | Improper Input Validation vulnerability in Google Android: In Samsung Gear products, the Bluetooth link key is updated to a different key that is the same as the attacker's link key. | 5.7 |