Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-02-09 | CVE-2017-5842 | Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | 5.5 |
2017-02-09 | CVE-2017-5837 | Divide By Zero vulnerability in Gstreamer Project Gstreamer | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. | 5.5 |
2017-02-09 | CVE-2016-4988 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | 6.1 |
2017-02-09 | CVE-2016-4987 | Path Traversal vulnerability in Jenkins Image Gallery | Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | 6.5 |
2017-02-09 | CVE-2016-3101 | Cross-site Scripting vulnerability in Jenkins Extra Columns | Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | 5.4 |
2017-02-09 | CVE-2016-10198 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | 5.5 |
2017-02-09 | CVE-2015-8936 | Cross-site Scripting vulnerability in Squidguard | Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | 6.1 |
2017-02-09 | CVE-2015-8831 | Cross-site Scripting vulnerability in Dotclear | Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | 6.1 |
2017-02-08 | CVE-2016-9686 | Improper Input Validation vulnerability in Puppet Enterprise 2016.4.0/2016.4.2/2016.5.1 | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. | 5.3 |
2017-02-08 | CVE-2016-5918 | Information Exposure vulnerability in IBM Tivoli Storage Manager for Space Management | IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | 4.7 |