Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-05 | CVE-2017-9441 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS: Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. | 5.4 |
2017-06-05 | CVE-2017-9420 | Cross-site Scripting vulnerability in Sunnythemes Spiffy Calendar: Cross-site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | 6.1 |
2017-06-05 | CVE-2017-9440 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.5-5: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-05 | CVE-2017-9439 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.5-5: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-05 | CVE-2017-9434 | Out-of-bounds Read vulnerability in Cryptopp Crypto++: Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 5.3 |
2017-06-05 | CVE-2017-8840 | Information Exposure vulnerability in Peplink products: Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 5.3 |
2017-06-05 | CVE-2017-8839 | Cross-site Scripting vulnerability in Peplink products: XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 6.1 |
2017-06-05 | CVE-2017-8838 | Cross-site Scripting vulnerability in Peplink products: XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 6.1 |
2017-06-05 | CVE-2017-8441 | Information Exposure vulnerability in Elastic X-Pack: Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. | 4.3 |
2017-06-05 | CVE-2017-8440 | Cross-site Scripting vulnerability in Elastic Kibana: Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |