Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-24 CVE-2017-13671 Cross-site Scripting vulnerability in Misp
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.
network
low complexity
misp CWE-79
6.1
2017-08-24 CVE-2017-12879 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
network
low complexity
paessler CWE-79
5.4
2017-08-24 CVE-2017-12074 Path Traversal vulnerability in Synology DNS Server
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
network
low complexity
synology CWE-22
6.5
2017-08-24 CVE-2017-9510 Cross-site Scripting vulnerability in Atlassian Fisheye
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
network
low complexity
atlassian CWE-79
5.4
2017-08-24 CVE-2017-9509 Cross-site Scripting vulnerability in Atlassian Crucible
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.
network
low complexity
atlassian CWE-79
5.4
2017-08-24 CVE-2017-9508 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
network
low complexity
atlassian CWE-79
5.4
2017-08-24 CVE-2017-9507 Cross-site Scripting vulnerability in Atlassian Crucible
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
network
low complexity
atlassian CWE-79
5.4
2017-08-24 CVE-2017-13666 Integer Underflow (Wrap or Wraparound) vulnerability in Multicorewareinc X265
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products.
local
low complexity
multicorewareinc CWE-191
5.5
2017-08-24 CVE-2017-13658 Reachable Assertion vulnerability in Imagemagick
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
network
low complexity
imagemagick CWE-617
6.5
2017-08-23 CVE-2017-13649 Improper Initialization vulnerability in Unrealircd
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
unrealircd CWE-665
5.5