Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-12 | CVE-2017-1434 | Information Exposure vulnerability in IBM DB2 and DB2 Connect | IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server), under unusual circumstances, could expose highly sensitive information in the error log to a local user. | 4.7 |
2017-09-12 | CVE-2017-1352 | Command Injection vulnerability in IBM Maximo Asset Management 7.5/7.6 | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user who downloads the affected file. | 5.5 |
2017-09-12 | CVE-2017-14347 | Cross-site Scripting vulnerability in NexusPHP Project NexusPHP 1.5 | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | 6.1 |
2017-09-12 | CVE-2017-8918 | XXE vulnerability in Blackwave Dive Assistant 8.0 | XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | 5.5 |
2017-09-12 | CVE-2017-14343 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | 6.5 |
2017-09-12 | CVE-2017-14342 | Resource Exhaustion vulnerability in multiple products | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | 6.5 |
2017-09-12 | CVE-2017-14341 | Resource Exhaustion vulnerability in multiple products | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | 6.5 |
2017-09-12 | CVE-2017-1000250 | Information Exposure vulnerability in BlueZ | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. | 6.5 |
2017-09-12 | CVE-2017-14318 | NULL Pointer Dereference vulnerability in Xen | An issue was discovered in Xen 4.5.x through 4.9.x. | 6.5 |
2017-09-12 | CVE-2017-14317 | Race Condition vulnerability in Xen | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. | 5.6 |