Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-24 | CVE-2017-9507 | Cross-site Scripting vulnerability in Atlassian Crucible The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. | 5.4 |
| 2017-08-24 | CVE-2017-13666 | Integer Underflow (Wrap or Wraparound) vulnerability in Multicorewareinc X265 An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. | 5.5 |
| 2017-08-24 | CVE-2017-13658 | Reachable Assertion vulnerability in Imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | 6.5 |
| 2017-08-23 | CVE-2017-13649 | Improper Initialization vulnerability in Unrealircd UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 5.5 |
| 2017-08-23 | CVE-2017-13648 | Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. | 6.5 |
| 2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
| 2017-08-23 | CVE-2017-9506 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Oauth The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | 6.1 |
| 2017-08-23 | CVE-2017-12971 | Cross-site Scripting vulnerability in Apache2Triad 1.5.4 Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | 6.1 |
| 2017-08-23 | CVE-2017-12809 | NULL Pointer Dereference vulnerability in multiple products QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. | 6.5 |
| 2017-08-23 | CVE-2017-13138 | Cross-site Scripting vulnerability in Qodeinteractive Bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | 6.1 |