Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-26 | CVE-2017-1531 | Cross-site Scripting vulnerability in IBM Business Process Manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 5.4 |
2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 5.4 |
2017-09-26 | CVE-2017-14748 | Race Condition vulnerability in Blizzard Overwatch 1.15.0.2 | Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. | 5.3 |
2017-09-26 | CVE-2017-1425 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0 | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. | 5.4 |
2017-09-26 | CVE-2015-7391 | Cross-site Scripting vulnerability in TestLink | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. | 6.1 |
2017-09-26 | CVE-2015-3248 | Resource Exhaustion vulnerability in OpenHPI 3.5.0 | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for the /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). | 4.7 |
2017-09-26 | CVE-2015-5069 | Information Exposure vulnerability in multiple products | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 4.3 |
2017-09-26 | CVE-2015-0874 | Improper Certificate Validation vulnerability in OKB Smart Passbook 1.0.0 | Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | 5.9 |
2017-09-26 | CVE-2017-14744 | Cross-site Scripting vulnerability in Baidu UEditor | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | 6.1 |
2017-09-26 | CVE-2017-1000252 | Reachable Assertion vulnerability in Linux Kernel | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | 5.5 |