Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-15736 Cross-site Scripting vulnerability in SPIP
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
network
low complexity
spip CWE-79
6.1
2017-10-22 CVE-2017-15728 Cross-site Scripting vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
network
low complexity
phpmyfaq CWE-79
4.8
2017-10-22 CVE-2017-15727 Cross-site Scripting vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
network
low complexity
phpmyfaq CWE-79
5.4
2017-10-22 CVE-2017-12317 Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software.
local
low complexity
cisco CWE-798
6.7
2017-10-20 CVE-2010-3659 Cross-site Scripting vulnerability in TYPO3
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
network
low complexity
typo3 CWE-79
5.4
2017-10-20 CVE-2017-15671 Missing Release of Resource after Effective Lifetime vulnerability in GNU glibc
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
network
high complexity
gnu CWE-772
5.9
2017-10-20 CVE-2017-15291 Cross-site Scripting vulnerability in TP-Link TL-MR3220 Firmware
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
network
low complexity
tp-link CWE-79
6.1
2017-10-20 CVE-2017-6141 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM).
network
high complexity
f5 CWE-20
5.9
2017-10-20 CVE-2017-14937 Use of a Broken or Risky Cryptographic Algorithm vulnerability in PCU 2014
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector).
local
high complexity
pcu CWE-327
4.7
2017-10-20 CVE-2017-2131 Information Exposure vulnerability in Panasonic KX-HJB1000 Firmware GHX1YG 14.50/HJB1000_4.47
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors.
network
low complexity
panasonic CWE-200
5.3