Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-17 | CVE-2017-1000168 | Unspecified vulnerability in Sodiumoxide Project Sodiumoxide: sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys | 6.5 |
2017-11-17 | CVE-2017-16819 | Cross-site Scripting vulnerability in Icontime Rtc-1000 Firmware 2.5.7458: A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | 5.4 |
2017-11-17 | CVE-2017-1000211 | Use After Free vulnerability in Lynx Project Lynx 2.8.9: Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | 5.3 |
2017-11-17 | CVE-2017-4938 | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation: VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. | 6.5 |
2017-11-17 | CVE-2017-4929 | Cross-site Scripting vulnerability in VMWare NSX Edge: VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 6.1 |
2017-11-17 | CVE-2017-10890 | Session Fixation vulnerability in Sharp products: Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. | 4.6 |
2017-11-17 | CVE-2017-10889 | XXE vulnerability in Tablepress: TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | 4.3 |
2017-11-17 | CVE-2017-10888 | Information Exposure vulnerability in Bookwalker Book Walker 1.2.5/1.2.9: BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | 5.5 |
2017-11-17 | CVE-2017-10886 | Cross-site Scripting vulnerability in Cs-Cart and Cs-Cart Multivendor: Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2017-11-17 | CVE-2017-16868 | NULL Pointer Dereference vulnerability in Swftools 0.9.2: In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. | 5.5 |