Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-14 | CVE-2017-1002024 | Improper Authentication vulnerability in Kindsoft Kind Editor and Kindeditor: Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files. | 4.3 |
2017-09-14 | CVE-2017-1002017 | Cross-site Scripting vulnerability in Bobcares Gift-Certificate-Creator 1.0: Vulnerability in WordPress plugin gift-certificate-creator v1.0. The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | 6.1 |
2017-09-14 | CVE-2017-1002011 | Cross-site Scripting vulnerability in Anblik Image-Gallery-With-Slideshow 1.5.2: Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2. There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. | 5.4 |
2017-09-13 | CVE-2017-14431 | Missing Release of Resource after Effective Lifetime vulnerability in XEN: Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. | 5.5 |
2017-09-13 | CVE-2017-1556 | Improper Input Validation vulnerability in IBM API Connect 5.0.7.0/5.0.7.1/5.0.7.2: IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. | 6.5 |
2017-09-13 | CVE-2017-1508 | Unspecified vulnerability in IBM Informix Dynamic Server 12.10: IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. | 6.7 |
2017-09-13 | CVE-2017-7560 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Rhnsd: It was found that rhnsd PID files are created as world-writable, which allows local attackers to fill the disks or to kill selected processes. | 5.5 |
2017-09-13 | CVE-2017-14420 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware: The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
2017-09-13 | CVE-2017-14419 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware: The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
2017-09-13 | CVE-2017-14416 | Cross-site Scripting vulnerability in Dlink Dir-850L Firmware: D-Link DIR-850L REV. | 6.1 |