Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-13 | CVE-2017-13804 | Improper Input Validation vulnerability in Apple products An issue was discovered in certain Apple products. | 5.5 |
| 2017-11-13 | CVE-2017-13790 | Improper Input Validation vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.5 |
| 2017-11-13 | CVE-2017-13789 | Improper Input Validation vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.5 |
| 2017-11-13 | CVE-2017-13786 | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. low complexity apple | 4.6 |
| 2017-11-13 | CVE-2017-13782 | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.5 |
| 2017-11-12 | CVE-2017-16799 | Cross-site Scripting vulnerability in Cmsmadesimple 2.2.3.1 In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | 5.4 |
| 2017-11-12 | CVE-2017-16798 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1 In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | 5.4 |
| 2017-11-12 | CVE-2017-16794 | Out-of-bounds Read vulnerability in Swftools 0.9.2 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. | 5.5 |
| 2017-11-10 | CVE-2017-16785 | Cross-site Scripting vulnerability in Cacti 1.1.27 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | 6.1 |
| 2017-11-10 | CVE-2017-16784 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | 6.1 |