Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-28 | CVE-2017-15955 | NULL Pointer Dereference vulnerability in multiple products: bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | 5.5 |
2017-10-28 | CVE-2017-15954 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | 5.5 |
2017-10-28 | CVE-2017-15953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | 5.5 |
2017-10-28 | CVE-2017-15948 | Cross-site Scripting vulnerability in Edgeofmyseat Perch 3.0.3: Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. | 4.8 |
2017-10-28 | CVE-2017-15947 | Cross-site Scripting vulnerability in Aspsource Simple ASC Content Management System 1.2: Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | 5.4 |
2017-10-27 | CVE-2017-15939 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | 5.5 |
2017-10-27 | CVE-2017-15937 | Information Exposure vulnerability in Artica Pandora FMS 7.0: Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. | 6.5 |
2017-10-27 | CVE-2017-15936 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0: In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed. | 5.4 |
2017-10-27 | CVE-2017-15934 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0: Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | 5.4 |
2017-10-27 | CVE-2015-1835 | Improper Input Validation vulnerability in Apache Cordova: Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | 5.3 |