Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-19 | CVE-2012-4382 | Information Exposure vulnerability in Mediawiki: MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt. | 4.9 |
2017-10-19 | CVE-2012-4379 | Improper Access Control vulnerability in Mediawiki: MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | 6.5 |
2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi: In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 5.4 |
2017-10-19 | CVE-2017-15642 | Use After Free vulnerability in multiple products: In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | 5.5 |
2017-10-19 | CVE-2017-15639 | XXE vulnerability in Getmura Mura CMS 6.1: tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | 6.5 |
2017-10-19 | CVE-2017-10428 | Unspecified vulnerability in Oracle VM Virtualbox: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 5.0 |
2017-10-19 | CVE-2017-10427 | Unspecified vulnerability in Oracle Retail Xstore Point of Service: Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). | 6.5 |
2017-10-19 | CVE-2017-10425 | Unspecified vulnerability in Oracle Hospitality Simphony: Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). | 5.4 |
2017-10-19 | CVE-2017-10423 | Unspecified vulnerability in Oracle Retail Back Office: Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). | 5.4 |
2017-10-19 | CVE-2017-10422 | Information Exposure vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). | 5.9 |