Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-20 | CVE-2016-5760 | Cross-site Scripting vulnerability in Novell Groupwise: Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | 6.1 |
2017-04-20 | CVE-2016-4849 | Cross-site Scripting vulnerability in Geeklog Project Geeklog 2.1.1: Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | 6.1 |
2017-04-20 | CVE-2016-4847 | Cross-site Scripting vulnerability in Ossec web UI 0.3/0.8: Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | 6.1 |
2017-04-20 | CVE-2017-7982 | Integer Overflow or Wraparound vulnerability in Libimobiledevice Libplist: Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. | 5.5 |
2017-04-20 | CVE-2017-7282 | Information Exposure vulnerability in Unitrends Enterprise Backup 7.3.0/8.2.08/9.1: An issue was discovered in Unitrends Enterprise Backup before 9.1.1. | 5.5 |
2017-04-19 | CVE-2017-7962 | Divide By Zero vulnerability in Entropymine Imageworsener 1.3.0: The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | 5.5 |
2017-04-19 | CVE-2017-7960 | Out-of-bounds Read vulnerability in Gnome Libcroco 0.6.11/0.6.12: The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | 5.5 |
2017-04-19 | CVE-2017-7849 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus: Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | 5.5 |
2017-04-19 | CVE-2016-7537 | Out-of-bounds Read vulnerability in Imagemagick: MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | 6.5 |
2017-04-19 | CVE-2016-7533 | Out-of-bounds Read vulnerability in Imagemagick: The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. | 6.5 |