Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-02 | CVE-2017-1000427 | Cross-site Scripting vulnerability in Marked Project Marked | marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 6.1 |
2018-01-02 | CVE-2017-1000425 | Cross-site Scripting vulnerability in Liferay Portal | Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | 6.1 |
2018-01-02 | CVE-2017-1000426 | Cross-site Scripting vulnerability in Omniscale Mapproxy | MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | 6.1 |
2018-01-02 | CVE-2017-1000431 | Cross-site Scripting vulnerability in EZ Publish | eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. | 6.1 |
2018-01-02 | CVE-2017-1000424 | Unspecified vulnerability in Atom Electron | GitHub Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in loading arbitrary PDFs that a hacker can control. | 4.3 |
2018-01-02 | CVE-2017-1000457 | Cross-site Scripting vulnerability in Mojoportal 2.5.0.0 | Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. | 4.8 |
2018-01-02 | CVE-2017-1557 | Unspecified vulnerability in IBM Websphere MQ | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. | 4.3 |
2018-01-02 | CVE-2017-1000455 | Origin Validation Error vulnerability in GNU Guixsd | GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. | 5.5 |
2018-01-02 | CVE-2017-1000413 | Information Exposure vulnerability in Linaro Op-Tee | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key. | 5.9 |
2018-01-02 | CVE-2017-1000445 | NULL Pointer Dereference vulnerability in multiple products | ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component, which might lead to denial of service. | 6.5 |