Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-31 | CVE-2016-9404 | Cross-site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login. | 6.1 |
| 2017-01-31 | CVE-2016-9260 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | 5.4 |
| 2017-01-31 | CVE-2016-8697 | Divide By Zero vulnerability in Potrace Project Potrace The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image. | 5.5 |
| 2017-01-31 | CVE-2016-8696 | NULL Pointer Dereference vulnerability in Potrace Project Potrace The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695. | 5.5 |
| 2017-01-31 | CVE-2016-8695 | NULL Pointer Dereference vulnerability in Potrace Project Potrace The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696. | 5.5 |
| 2017-01-31 | CVE-2016-8694 | NULL Pointer Dereference vulnerability in Potrace Project Potrace The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696. | 5.5 |
| 2017-01-31 | CVE-2016-8685 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Potrace Project Potrace The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. | 5.5 |
| 2017-01-31 | CVE-2016-6329 | Information Exposure vulnerability in Openvpn OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 5.9 |
| 2017-01-31 | CVE-2016-6285 | Cross-site Scripting vulnerability in Atlassian Jira Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | 6.1 |
| 2017-01-31 | CVE-2015-8976 | Cross-site Scripting vulnerability in Mybb Merge System and Mybb Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files." | 6.1 |