Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2015-7976 | 7PK - Security Features vulnerability in multiple products The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | 4.3 |
| 2017-01-30 | CVE-2015-7975 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). | 6.2 |
| 2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |
| 2017-01-30 | CVE-2017-5573 | Unspecified vulnerability in Citrix Xenserver An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 4.9 |
| 2017-01-30 | CVE-2017-5572 | Improper Privilege Management vulnerability in Citrix Xenserver An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 6.5 |
| 2017-01-30 | CVE-2017-5632 | Unspecified vulnerability in Asus Rt-N56U Firmware 3.0.0.4.374979 An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. low complexity asus | 6.5 |
| 2017-01-30 | CVE-2017-5612 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | 6.1 |
| 2017-01-30 | CVE-2017-5610 | Information Exposure vulnerability in multiple products wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | 5.3 |
| 2017-01-28 | CVE-2017-5608 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | 6.1 |
| 2017-01-27 | CVE-2017-3318 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). | 4.0 |