Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-11-16 | CVE-2017-12290 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
2017-11-16 | CVE-2017-16842 | Cross-site Scripting vulnerability in Yoast Wordpress SEO | Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. | 4.8 |
2017-11-16 | CVE-2017-16841 | Cross-site Scripting vulnerability in Lansweeper | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | 6.1 |
2017-11-16 | CVE-2017-16836 | Cross-site Scripting vulnerability in Commscope Arris Tg1682G Firmware 10.0.59.Sip.Pc20.Ct | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | 6.1 |
2017-11-15 | CVE-2017-5532 | Cross-site Scripting vulnerability in Tibco products | A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. | 5.4 |
2017-11-15 | CVE-2017-15102 | NULL Pointer Dereference vulnerability in multiple products | The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | 6.3 |
2017-11-15 | CVE-2014-2845 | Improper Certificate Validation vulnerability in Cyberduck | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | 5.9 |
2017-11-15 | CVE-2014-0219 | Improper Input Validation vulnerability in Apache Karaf | Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 5.5 |
2017-11-15 | CVE-2017-15272 | Insufficiently Protected Credentials vulnerability in Psftp Psftpd 10.0.4 | The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. | 5.3 |
2017-11-15 | CVE-2017-15271 | Use After Free vulnerability in Psftp Psftpd 10.0.4 | A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. | 5.9 |