Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-13 CVE-2018-5651 Cross-site Scripting vulnerability in Dark Mode Project Dark Mode 1.6
An issue was discovered in the dark-mode plugin 1.6 for WordPress.
network
low complexity
dark-mode-project CWE-79
4.8
2018-01-12 CVE-2017-13218 Information Exposure vulnerability in Google Android
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845.
local
high complexity
google CWE-200
4.7
2018-01-12 CVE-2018-5650 Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c.
local
low complexity
long-range-zip-project CWE-835
5.5
2018-01-12 CVE-2015-9248 Cross-site Scripting vulnerability in Skyboxsecurity Skybox Platform
An issue was discovered in Skybox Platform before 7.5.201.
network
low complexity
skyboxsecurity CWE-79
5.4
2018-01-12 CVE-2015-9247 Cross-site Scripting vulnerability in Skyboxsecurity Skybox Platform 7.5.201
An issue was discovered in Skybox Platform before 7.5.401.
network
low complexity
skyboxsecurity CWE-79
5.4
2018-01-12 CVE-2017-18029 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick canonical CWE-772
6.5
2018-01-12 CVE-2017-18028 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick canonical CWE-770
6.5
2018-01-12 CVE-2017-18027 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick canonical CWE-772
6.5
2018-01-12 CVE-2017-16741 Information Exposure vulnerability in Phoenixcontact products
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32.
network
low complexity
phoenixcontact CWE-200
5.3
2018-01-12 CVE-2016-10706 Cross-site Scripting vulnerability in Automattic Jetpack
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
network
low complexity
automattic CWE-79
6.1