Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-21 | CVE-2017-11516 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.12: An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 6.1 |
2017-07-21 | CVE-2017-7542 | Unspecified vulnerability in Linux Kernel: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | 5.5 |
2017-07-21 | CVE-2017-11505 | Excessive Iteration vulnerability in Imagemagick: The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | 6.5 |
2017-07-21 | CVE-2015-3421 | Cross-site Scripting vulnerability in Eshop Project Eshop: The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 6.1 |
2017-07-21 | CVE-2015-3170 | 7PK - Security Features vulnerability in Selinux Project Selinux: selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | 5.5 |
2017-07-21 | CVE-2015-1323 | Information Exposure vulnerability in Canonical Ubuntu Linux: The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, and before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS, allows local users to obtain sensitive information, or access files with root permissions. | 5.5 |
2017-07-21 | CVE-2017-9931 | Cross-site Scripting vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb: Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | 6.1 |
2017-07-20 | CVE-2017-11503 | Cross-site Scripting vulnerability in PHPmailer Project PHPmailer 5.2.23: PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 |
2017-07-20 | CVE-2017-11501 | Improper Certificate Validation vulnerability in Nixos Project Nixos: NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. | 5.9 |
2017-07-20 | CVE-2017-0378 | Cross-site Scripting vulnerability in Phamm: XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | 6.1 |