Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-15 | CVE-2017-5494 | Cross-site Scripting vulnerability in B2Evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | 5.4 |
| 2017-01-15 | CVE-2017-5491 | Insecure Default Initialization of Resource vulnerability in Wordpress wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | 5.3 |
| 2017-01-15 | CVE-2017-5490 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | 6.1 |
| 2017-01-15 | CVE-2017-5488 | Cross-site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. | 6.1 |
| 2017-01-15 | CVE-2017-5487 | Information Exposure vulnerability in Wordpress wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | 5.3 |
| 2017-01-14 | CVE-2017-5474 | Open Redirect vulnerability in S9Y Serendipity Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | 6.1 |
| 2017-01-13 | CVE-2017-0398 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-01-13 | CVE-2016-9813 | NULL Pointer Dereference vulnerability in Gstreamer 1.10.1 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-9811 | Out-of-bounds Read vulnerability in multiple products The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | 4.7 |
| 2017-01-13 | CVE-2016-9810 | Out-of-bounds Read vulnerability in Gstreamer 1.10.1 The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | 5.5 |