Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 4.7 |
| 2017-05-18 | CVE-2017-9070 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | 5.4 |
| 2017-05-18 | CVE-2017-9068 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | 6.1 |
| 2017-05-18 | CVE-2017-9063 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | 6.1 |
| 2017-05-18 | CVE-2017-9061 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | 6.1 |
| 2017-05-18 | CVE-2017-7433 | Path Traversal vulnerability in Micro Focus Vibe An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. | 6.5 |
| 2017-05-18 | CVE-2017-9059 | Improper Resource Shutdown or Release vulnerability in Linux Kernel The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. | 5.5 |
| 2017-05-18 | CVE-2017-9045 | Missing Encryption of Sensitive Data vulnerability in Google I/O 2017 5.0.3 The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file. | 5.9 |
| 2017-05-18 | CVE-2017-8769 | Missing Encryption of Sensitive Data vulnerability in Whatsapp Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. | 4.6 |
| 2017-05-18 | CVE-2017-9044 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | 5.5 |