Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-20 | CVE-2017-2131 | Information Exposure vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | 5.3 |
2017-10-20 | CVE-2017-15651 | Improper Input Validation vulnerability in Paessler Prtg Network Monitor 17.3.33.2830 | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | 6.7 |
2017-10-19 | CVE-2017-14019 | Unquoted Search Path or Element vulnerability in Progea Movicon 11.5.1181 | An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. | 6.7 |
2017-10-19 | CVE-2017-15648 | Cross-site Scripting vulnerability in PHPsugar PHP Melody | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | 6.1 |
2017-10-19 | CVE-2017-15646 | Cross-site Scripting vulnerability in Webmin | Webmin before 1.860 has XSS with resultant remote code execution. | 6.1 |
2017-10-19 | CVE-2012-4382 | Information Exposure vulnerability in Mediawiki | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt. | 4.9 |
2017-10-19 | CVE-2012-4379 | Improper Access Control vulnerability in Mediawiki | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | 6.5 |
2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi | In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 5.4 |
2017-10-19 | CVE-2017-15642 | Use After Free vulnerability in multiple products | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | 5.5 |
2017-10-19 | CVE-2017-15639 | XXE vulnerability in Getmura Mura CMS 6.1 | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | 6.5 |