Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-16 | CVE-2017-15289 | Out-of-bounds Write vulnerability in Qemu | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | 6.0 |
2017-10-16 | CVE-2015-3229 | Permissions, Privileges, and Access Controls vulnerability in Fedoraproject Spin-Kickstarts | fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | 5.9 |
2017-10-16 | CVE-2014-0208 | Cross-site Scripting vulnerability in Theforeman Foreman | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | 5.4 |
2017-10-16 | CVE-2017-15384 | Cross-site Scripting vulnerability in PHPjabbers Rate ME 1.0 | rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | 6.1 |
2017-10-16 | CVE-2017-15361 | Unspecified vulnerability in Infineon RSA Library and Trusted Platform Firmware | The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. | 5.9 |
2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management | The Java administration console in SAP CRM has XSS. | 6.1 |
2017-10-16 | CVE-2014-8087 | Cross-site Scripting vulnerability in Post Highlights Projects Post Highlights | Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. | 6.1 |
2017-10-16 | CVE-2016-8734 | Resource Exhaustion vulnerability in multiple products | Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. | 6.5 |
2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
2017-10-16 | CVE-2017-15375 | Cross-site Scripting vulnerability in Wpjobboard 4.5.1 | Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. | 6.1 |