Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-29 CVE-2017-9289 Cross-site Scripting vulnerability in Note Project Note
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
network
low complexity
note-project CWE-79
6.1
2017-05-29 CVE-2017-9288 Cross-site Scripting vulnerability in Raygun Raygun4WP 1.8.0
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
network
low complexity
raygun CWE-79
6.1
2017-05-29 CVE-2017-9287 Double Free vulnerability in multiple products
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap debian redhat mcafee oracle CWE-415
6.5
2017-05-29 CVE-2017-9263 Improper Input Validation vulnerability in Open vSwitch 2.7.0
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
low complexity
openvswitch CWE-20
6.5
2017-05-29 CVE-2017-9262 Missing Release of Resource after Effective Lifetime vulnerability in ImageMagick 7.0.5-6
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
network
low complexity
imagemagick CWE-772
6.5
2017-05-29 CVE-2017-9261 Missing Release of Resource after Effective Lifetime vulnerability in ImageMagick 7.0.5-6
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
network
low complexity
imagemagick CWE-772
6.5
2017-05-28 CVE-2017-9252 Cross-site Scripting vulnerability in FineCMS Project FineCMS
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
network
low complexity
finecms-project CWE-79
6.1
2017-05-28 CVE-2017-9251 Cross-site Scripting vulnerability in FineCMS Project FineCMS
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
network
low complexity
finecms-project CWE-79
6.1
2017-05-28 CVE-2017-9249 Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file.
network
low complexity
allen-disk-project CWE-79
5.4
2017-05-28 CVE-2017-9243 Cross-site Scripting vulnerability in Aries Networks QWR-1104 Wireless-N Router Firmware WRC.253.2.0913
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
network
low complexity
aries-networks CWE-79
6.1