Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-17 | CVE-2017-14505 | **NULL Pointer Dereference vulnerability in ImageMagick 7.0.71** DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. | 6.5 |
2017-09-17 | CVE-2017-14504 | **NULL Pointer Dereference vulnerability in multiple products** ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 6.5 |
2017-09-17 | CVE-2017-14503 | **Out-of-bounds Read vulnerability in libarchive 3.3.2** libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | 6.5 |
2017-09-17 | CVE-2017-14501 | **Out-of-bounds Read vulnerability in libarchive 3.3.2** An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | 6.5 |
2017-09-15 | CVE-2015-0110 | **Improper Access Control vulnerability in IBM products** IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | 6.5 |
2017-09-15 | CVE-2017-14498 | **Cross-site Scripting vulnerability in SilverStripe** SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 6.1 |
2017-09-15 | CVE-2017-10814 | **Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Corega WLR 300 NM Firmware 1.90** Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 6.8 |
2017-09-15 | CVE-2017-10813 | **OS Command Injection vulnerability in Corega WLR 300 NM Firmware 1.90** CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2017-09-15 | CVE-2017-4926 | **Cross-site Scripting vulnerability in VMware vCenter Server 6.5** VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). | 5.4 |
2017-09-15 | CVE-2017-4925 | **NULL Pointer Dereference vulnerability in VMware products** VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. | 5.5 |