Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-13 | CVE-2017-8629 | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013 Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | 5.4 |
| 2017-09-13 | CVE-2017-8628 | Unspecified vulnerability in Microsoft products Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". high complexity microsoft | 6.8 |
| 2017-09-13 | CVE-2017-8597 | Information Exposure vulnerability in Microsoft Windows 10 1703 Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
| 2017-09-13 | CVE-2017-11761 | Information Exposure vulnerability in Microsoft Exchange Server 2013/2016 Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" | 5.3 |
| 2017-09-12 | CVE-2015-9230 | Cross-site Scripting vulnerability in Ait-Pro Bulletproof Security .52.4 In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. | 4.8 |
| 2017-09-12 | CVE-2015-9229 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery 2.1.15 In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | 4.8 |
| 2017-09-12 | CVE-2017-1519 | Improper Input Validation vulnerability in IBM DB2 and DB2 Connect IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. | 5.9 |
| 2017-09-12 | CVE-2017-14400 | NULL Pointer Dereference vulnerability in Imagemagick 7.0.71 In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. | 6.5 |
| 2017-09-12 | CVE-2017-1439 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 6.7 |
| 2017-09-12 | CVE-2017-1438 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 6.7 |