Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-04 | CVE-2017-17123 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29.1 The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. | 5.5 |
| 2017-12-04 | CVE-2017-17113 | NULL Pointer Dereference vulnerability in Ikarussecurity Anti.Virus 2.16.15 ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. | 5.5 |
| 2017-12-03 | CVE-2017-17096 | Cross-site Scripting vulnerability in Content Cards Project Content Cards Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | 6.1 |
| 2017-12-03 | CVE-2017-14516 | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | 6.1 |
| 2017-12-02 | CVE-2017-17094 | Cross-site Scripting vulnerability in multiple products wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | 5.4 |
| 2017-12-02 | CVE-2017-17093 | Cross-site Scripting vulnerability in multiple products wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | 5.4 |
| 2017-12-02 | CVE-2017-17092 | Cross-site Scripting vulnerability in multiple products wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 5.4 |
| 2017-12-01 | CVE-2017-6679 | Unspecified vulnerability in Cisco Umbrella 2.0.3 The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. | 6.4 |
| 2017-12-01 | CVE-2017-16893 | SQL Injection vulnerability in Piwigo The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. | 6.5 |
| 2017-12-01 | CVE-2017-16611 | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 5.5 |