Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-24 | CVE-2017-13658 | Reachable Assertion vulnerability in Imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | 6.5 |
| 2017-08-23 | CVE-2017-13649 | Improper Initialization vulnerability in Unrealircd UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 5.5 |
| 2017-08-23 | CVE-2017-13648 | Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. | 6.5 |
| 2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
| 2017-08-23 | CVE-2017-9506 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Oauth The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | 6.1 |
| 2017-08-23 | CVE-2017-12971 | Cross-site Scripting vulnerability in Apache2Triad 1.5.4 Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | 6.1 |
| 2017-08-23 | CVE-2017-12809 | NULL Pointer Dereference vulnerability in multiple products QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. | 6.5 |
| 2017-08-23 | CVE-2017-13138 | Cross-site Scripting vulnerability in Qodeinteractive Bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | 6.1 |
| 2017-08-23 | CVE-2017-12844 | Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.4 Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | 4.8 |
| 2017-08-23 | CVE-2017-13145 | Improper Input Validation vulnerability in multiple products In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | 6.5 |