Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-15 | CVE-2017-11834 | Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | 5.3 |
| 2017-11-15 | CVE-2017-11832 | Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012 The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | 4.7 |
| 2017-11-15 | CVE-2017-11831 | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". | 4.7 |
| 2017-11-15 | CVE-2017-11830 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016 Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | 5.3 |
| 2017-11-15 | CVE-2017-11803 | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
| 2017-11-14 | CVE-2017-10266 | Information Exposure vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 5.3 |
| 2017-11-14 | CVE-2017-9394 | Cross-site Scripting vulnerability in CA Identity Governance 12.6.0 A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 5.4 |
| 2017-11-14 | CVE-2017-9371 | Insufficient Entropy in PRNG vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | 5.9 |
| 2017-11-14 | CVE-2017-9369 | Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | 4.9 |
| 2017-11-14 | CVE-2017-16815 | Cross-site Scripting vulnerability in Snapcreek Duplicator 1.2.28 installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | 6.1 |