Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-05 | CVE-2018-5244 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN | In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. | 6.5 |
2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 6.5 |
2018-01-05 | CVE-2014-8336 | Improper Input Validation vulnerability in Wp-Dbmanager Project Wp-Dbmanager | The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | 6.5 |
2018-01-05 | CVE-2017-4945 | Unspecified vulnerability in VMWare Fusion and Workstation | VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. | 5.5 |
2018-01-04 | CVE-2018-5216 | Cross-site Scripting vulnerability in Radiantcms Radiant CMS 1.1.4 | Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | 5.4 |
2018-01-04 | CVE-2018-5215 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.0.7 | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | 5.4 |
2018-01-04 | CVE-2018-5214 | Cross-site Scripting vulnerability in ADD Link to Facebook Project ADD Link to Facebook | The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | 5.4 |
2018-01-04 | CVE-2018-5213 | Cross-site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4 | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | 5.4 |
2018-01-04 | CVE-2018-5212 | Cross-site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4 | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | 5.4 |
2018-01-04 | CVE-2017-1727 | Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. | 4.3 |