Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-01 CVE-2017-1340 Information Exposure vulnerability in IBM Jazz Reporting Service 6.0.4
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with.
network
low complexity
ibm CWE-200
5.0
2017-11-01 CVE-2017-1333 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system.
network
low complexity
ibm CWE-200
5.3
2017-11-01 CVE-2017-1290 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-11-01 CVE-2017-1148 Information Exposure vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
5.3
2017-11-01 CVE-2017-1147 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-11-01 CVE-2017-1000122 Improper Input Validation vulnerability in Webkitgtk Webkitgtk+
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process.
network
low complexity
webkitgtk CWE-20
5.3
2017-11-01 CVE-2016-3048 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-11-01 CVE-2017-16359 NULL Pointer Dereference vulnerability in Radare Radare2 2.0.1
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
local
low complexity
radare CWE-476
5.5
2017-11-01 CVE-2017-14992 Improper Input Validation vulnerability in Docker
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
network
low complexity
docker CWE-20
6.5
2017-11-01 CVE-2017-1001001 Cross-site Scripting vulnerability in Pluxml 5.6
PluXml version 5.6 is vulnerable to stored cross-site scripting within the article creation page, which can result in escalation of privileges.
network
low complexity
pluxml CWE-79
5.4