Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-22 | CVE-2017-15736 | Cross-site Scripting vulnerability in SPIP: Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. | 6.1 |
2017-10-22 | CVE-2017-15728 | Cross-site Scripting vulnerability in phpMyFAQ: In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | 4.8 |
2017-10-22 | CVE-2017-15727 | Cross-site Scripting vulnerability in phpMyFAQ: In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | 5.4 |
2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection: The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 6.7 |
2017-10-20 | CVE-2010-3659 | Cross-site Scripting vulnerability in TYPO3: Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | 5.4 |
2017-10-20 | CVE-2017-15671 | Missing Release of Resource after Effective Lifetime vulnerability in GNU glibc: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | 5.9 |
2017-10-20 | CVE-2017-15291 | Cross-site Scripting vulnerability in TP-LINK TL-MR3220 Firmware: Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. | 6.1 |
2017-10-20 | CVE-2017-6141 | Improper Input Validation vulnerability in F5 products: In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). | 5.9 |
2017-10-20 | CVE-2017-14937 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in PCU 2014: The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). | 4.7 |
2017-10-20 | CVE-2017-2131 | Information Exposure vulnerability in Panasonic KX-HJB1000 Firmware Ghx1Yg14.50/Hjb10004.47: Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | 5.3 |