Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-01 | CVE-2017-1500 | Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight: A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. | 6.1 |
2017-08-01 | CVE-2017-4922 | Information Exposure vulnerability in VMWare Vcenter Server 6.5: VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. | 6.5 |
2017-08-01 | CVE-2017-12132 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Glibc: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | 5.9 |
2017-08-01 | CVE-2017-12062 | Cross-site Scripting vulnerability in Mantisbt: An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. | 6.1 |
2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt: An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. | 6.1 |
2017-08-01 | CVE-2017-11136 | Unspecified vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5: An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 6.5 |
2017-08-01 | CVE-2017-11134 | Information Exposure Through Log Files vulnerability in Stashcat Heinekingmedia 1.7.5: An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. | 6.5 |
2017-08-01 | CVE-2017-11131 | Use of Password Hash With Insufficient Computational Effort vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5: An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 5.9 |
2017-08-01 | CVE-2015-5059 | Information Exposure vulnerability in Mantisbt: The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php. | 5.3 |
2017-08-01 | CVE-2017-11552 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Underbit MAD Libmad 0.15.1B: mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file. | 6.5 |