Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2015-9247 | Cross-site Scripting vulnerability in Skyboxsecurity Skybox Platform 7.5.201 An issue was discovered in Skybox Platform before 7.5.401. | 5.4 |
| 2018-01-12 | CVE-2017-18029 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. | 6.5 |
| 2018-01-12 | CVE-2017-18028 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. | 6.5 |
| 2018-01-12 | CVE-2017-18027 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. | 6.5 |
| 2018-01-12 | CVE-2017-16741 | Information Exposure vulnerability in Phoenixcontact products An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. | 5.3 |
| 2018-01-12 | CVE-2016-10706 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | 6.1 |
| 2018-01-12 | CVE-2016-10705 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | 6.1 |
| 2018-01-12 | CVE-2017-18014 | Cross-site Scripting vulnerability in Sophos Sfos 15.01.0/16.5/17.0 An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. | 6.1 |
| 2018-01-12 | CVE-2016-0336 | Cross-site Scripting vulnerability in IBM Security Identity Manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-01-12 | CVE-2015-2981 | Improper Certificate Validation vulnerability in Yodobashi 1.2.1.0 The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |