Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-23 | CVE-2017-13133 | Allocation of Resources Without Limits or Throttling vulnerability in Imagemagick 7.0.68 In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. | 6.5 |
| 2017-08-23 | CVE-2017-13132 | Reachable Assertion vulnerability in Imagemagick 7.0.68 In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. | 6.5 |
| 2017-08-23 | CVE-2017-13131 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.68 In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. | 6.5 |
| 2017-08-22 | CVE-2016-6311 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform 7.0 Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | 5.3 |
| 2017-08-22 | CVE-2016-6310 | Information Exposure vulnerability in Redhat Enterprise Virtualization oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | 5.5 |
| 2017-08-22 | CVE-2016-2102 | Improper Authentication vulnerability in Haproxy HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | 5.3 |
| 2017-08-22 | CVE-2014-6189 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-08-22 | CVE-2017-12843 | Improper Input Validation vulnerability in multiple products Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | 6.5 |
| 2017-08-22 | CVE-2017-13066 | Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. | 6.5 |
| 2017-08-22 | CVE-2017-13065 | NULL Pointer Dereference vulnerability in multiple products GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | 6.5 |