Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 4.7 |
| 2017-09-05 | CVE-2017-14156 | Information Exposure vulnerability in Linux Kernel The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. | 5.5 |
| 2017-09-05 | CVE-2017-14140 | Information Exposure vulnerability in Linux Kernel The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | 5.5 |
| 2017-09-05 | CVE-2017-14108 | Resource Exhaustion vulnerability in Gnome Gedit 3.22.1 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | 5.5 |
| 2017-09-04 | CVE-2017-14139 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.62 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. | 6.5 |
| 2017-09-04 | CVE-2017-14136 | Out-of-bounds Write vulnerability in multiple products OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. | 6.5 |
| 2017-09-04 | CVE-2017-14132 | Out-of-bounds Read vulnerability in multiple products JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. | 6.5 |
| 2017-09-04 | CVE-2017-14130 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. | 5.5 |
| 2017-09-04 | CVE-2017-14129 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. | 5.5 |
| 2017-09-04 | CVE-2017-14128 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. | 5.5 |