Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-26 CVE-2017-1531 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2017-1530 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2017-14748 Race Condition vulnerability in Blizzard Overwatch 1.15.0.2
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
network
high complexity
blizzard CWE-362
5.3
2017-09-26 CVE-2017-1425 Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2015-7391 Cross-site Scripting vulnerability in Testlink
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
network
low complexity
testlink CWE-79
6.1
2017-09-26 CVE-2015-3248 Resource Exhaustion vulnerability in Openhpi 3.5.0
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
local
high complexity
openhpi CWE-400
4.7
2017-09-26 CVE-2015-5069 Information Exposure vulnerability in multiple products
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
network
low complexity
wesnoth fedoraproject CWE-200
4.3
2017-09-26 CVE-2015-0874 Improper Certificate Validation vulnerability in OKB Smart Passbook 1.0.0
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
network
high complexity
okb CWE-295
5.9
2017-09-26 CVE-2017-14744 Cross-site Scripting vulnerability in Baidu Ueditor
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
network
low complexity
baidu CWE-79
6.1
2017-09-26 CVE-2017-1000252 Reachable Assertion vulnerability in Linux Kernel
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
local
low complexity
linux CWE-617
5.5