Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-15 | CVE-2017-14340 | NULL Pointer Dereference vulnerability in Linux Kernel: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | 5.5 |
2017-09-15 | CVE-2017-14489 | Improper Input Validation vulnerability in Linux Kernel: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 5.5 |
2017-09-15 | CVE-2017-14483 | Race Condition vulnerability in Gentoo Dev-Python-Flower: flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 5.5 |
2017-09-14 | CVE-2017-0785 | Information Exposure vulnerability in Google Android: An information disclosure vulnerability in the Android system (bluetooth). | 6.5 |
2017-09-14 | CVE-2017-0783 | Information Exposure vulnerability in Google Android: An information disclosure vulnerability in the Android system (bluetooth). | 6.5 |
2017-09-14 | CVE-2017-13761 | Information Exposure vulnerability in Fastly 1.2.25: The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses. | 6.5 |
2017-09-14 | CVE-2015-7553 | Race Condition vulnerability in Redhat Enterprise Linux, Enterprise MRG and Kernel-Rt: Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | 4.7 |
2017-09-14 | CVE-2017-1490 | Information Exposure vulnerability in IBM Jazz Reporting Service: An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | 5.3 |
2017-09-14 | CVE-2017-1002150 | Open Redirect vulnerability in Fedoraproject Python-Fedora 0.8.0: python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection. | 6.1 |
2017-09-14 | CVE-2017-1002100 | Information Exposure vulnerability in Kubernetes: Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. | 6.5 |