Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-18 | CVE-2017-8445 | Improper Certificate Validation vulnerability in Elastic X-Pack An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. | 5.5 |
| 2017-08-18 | CVE-2017-9682 | Race Condition vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | 4.7 |
| 2017-08-18 | CVE-2017-8254 | Information Exposure vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | 5.5 |
| 2017-08-18 | CVE-2017-12948 | Cross-site Scripting vulnerability in Pressforward Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | 6.1 |
| 2017-08-18 | CVE-2017-12882 | Cross-site Scripting vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0 Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | 5.4 |
| 2017-08-18 | CVE-2015-5057 | Cross-site Scripting vulnerability in Broken Link Checker Project Broken Link Checker Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | 6.1 |
| 2017-08-18 | CVE-2015-4071 | Information Exposure vulnerability in Helpdesk PRO Project Helpdesk PRO The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. | 5.3 |
| 2017-08-18 | CVE-2017-12591 | Cross-site Scripting vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 5.4 |
| 2017-08-18 | CVE-2017-0687 | Unspecified vulnerability in Google Android A denial of service vulnerability in the Android media framework (libavc). | 5.5 |
| 2017-08-18 | CVE-2017-9816 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |