Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-21 | CVE-2017-12984 | Cross-site Scripting vulnerability in PHPmywind 5.3: PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | 6.1 |
2017-08-21 | CVE-2017-12982 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | 5.5 |
2017-08-21 | CVE-2017-12980 | Cross-site Scripting vulnerability in Dokuwiki: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. | 6.1 |
2017-08-21 | CVE-2017-12979 | Cross-site Scripting vulnerability in Dokuwiki: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. | 6.1 |
2017-08-21 | CVE-2017-12978 | Cross-site Scripting vulnerability in Cacti: lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | 5.4 |
2017-08-20 | CVE-2017-12966 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asn1C Project Asn1C 0.9.28: The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. | 6.5 |
2017-08-19 | CVE-2017-12967 | Out-of-bounds Read vulnerability in GNU Binutils 2.29: The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | 6.5 |
2017-08-18 | CVE-2017-12957 | Out-of-bounds Read vulnerability in Exiv2 0.26: There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. | 6.5 |
2017-08-18 | CVE-2017-12956 | Out-of-bounds Read vulnerability in Exiv2 0.26: There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | 6.5 |
2017-08-18 | CVE-2017-8446 | Improper Privilege Management vulnerability in Elasticsearch X-Pack and X-Pack Reporting: The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. | 5.3 |