Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-1000131 Cross-site Scripting vulnerability in E-Search Project Esearch 1.0
Reflected XSS in WordPress plugin e-search v1.0
network
low complexity
e-search-project CWE-79
6.1
2016-10-10 CVE-2016-1000130 Cross-site Scripting vulnerability in E-Search Project E-Search 1.0
Reflected XSS in WordPress plugin e-search v1.0
network
low complexity
e-search-project CWE-79
6.1
2016-10-10 CVE-2016-1000129 Cross-site Scripting vulnerability in Defa-Online-Image-Protector Project Defa-Online-Image-Protector 3.3
Reflected XSS in WordPress plugin defa-online-image-protector v3.3
6.1
2016-10-10 CVE-2016-1000128 Cross-site Scripting vulnerability in Anti-Plagiarism Project Anti-Plagiarism 3.60
Reflected XSS in WordPress plugin anti-plagiarism v3.60
network
low complexity
anti-plagiarism-project CWE-79
6.1
2016-10-10 CVE-2016-1000127 Cross-site Scripting vulnerability in Ajax-Random-Post Project Ajax-Random-Post
Reflected XSS in WordPress plugin ajax-random-post v2.00
network
low complexity
ajax-random-post-project CWE-79
6.1
2016-10-10 CVE-2016-1000126 Cross-site Scripting vulnerability in Admin-Font-Editor Project Admin-Font-Editor 1.8
Reflected XSS in WordPress plugin admin-font-editor v1.8
network
low complexity
admin-font-editor-project CWE-79
6.1
2016-10-10 CVE-2016-8100 Information Exposure vulnerability in Intel Integrated Performance Primitives 9.0/9.0.3
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
local
low complexity
intel CWE-200
5.5
2016-10-10 CVE-2016-7423 Unspecified vulnerability in Qemu
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
local
low complexity
qemu
4.4
2016-10-10 CVE-2016-7099 Data Processing Errors vulnerability in multiple products
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
network
high complexity
nodejs suse CWE-19
5.9
2016-10-10 CVE-2016-5325 HTTP Response Splitting vulnerability in multiple products
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
network
low complexity
nodejs suse CWE-113
6.1