Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-29 | CVE-2017-9288 | Cross-site Scripting vulnerability in Raygun Raygun4Wp 1.8.0 The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | 6.1 |
| 2017-05-29 | CVE-2017-9287 | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 6.5 |
| 2017-05-29 | CVE-2017-9263 | Improper Input Validation vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 6.5 |
| 2017-05-29 | CVE-2017-9262 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
| 2017-05-29 | CVE-2017-9261 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
| 2017-05-28 | CVE-2017-9252 | Cross-site Scripting vulnerability in Finecms Project Finecms andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | 6.1 |
| 2017-05-28 | CVE-2017-9251 | Cross-site Scripting vulnerability in Finecms Project Finecms andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | 6.1 |
| 2017-05-28 | CVE-2017-9249 | Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6 Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. | 5.4 |
| 2017-05-28 | CVE-2017-9243 | Cross-site Scripting vulnerability in Aries Networks Qwr-1104 Wireless-N Router Firmware Wrc.253.2.0913 Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | 6.1 |
| 2017-05-28 | CVE-2017-7296 | Cross-site Scripting vulnerability in Contiki-Os Contiki 3.0 An issue was discovered in Contiki Operating System 3.0. | 6.1 |