Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-03 | CVE-2016-6201 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10: Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | 6.1 |
2017-07-03 | CVE-2016-6127 | Cross-site Scripting vulnerability in Bestpractical Request Tracker: Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. | 6.1 |
2017-07-03 | CVE-2017-10798 | Cross-site Scripting vulnerability in ObjectPlanet Opinio: In ObjectPlanet Opinio before 7.6.4, there is XSS. | 6.1 |
2017-07-03 | CVE-2017-10800 | Resource Exhaustion vulnerability in GraphicsMagick 1.3.25: When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. | 5.5 |
2017-07-03 | CVE-2017-10799 | Resource Exhaustion vulnerability in GraphicsMagick 1.3.25: When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | 5.5 |
2017-07-02 | CVE-2017-10796 | Improper Authentication vulnerability in TP-Link NC250 Firmware 1.0.10/1.0.8/1.2.1: On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | 6.5 |
2017-07-02 | CVE-2017-10794 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GraphicsMagick 1.3.25: When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | 5.5 |
2017-07-02 | CVE-2017-10795 | Cross-site Scripting vulnerability in Intelliants Subrion 4.1.4: Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | 6.1 |
2017-07-02 | CVE-2017-10706 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Antiy Antivirus Engine: When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. | 6.2 |
2017-07-02 | CVE-2017-10792 | NULL Pointer Dereference vulnerability in GNU PSPP 0.10.5Pre2: There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. | 6.5 |