Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-10 | CVE-2017-6732 | Improper Privilege Management vulnerability in Cisco Prime Network A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. | 6.7 |
| 2017-07-10 | CVE-2017-6730 | Information Exposure vulnerability in Cisco Wide Area Application Services 4.4(7)/6.2(1)/6.2(3) A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. | 5.3 |
| 2017-07-10 | CVE-2017-6727 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.2(3A) A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. | 5.3 |
| 2017-07-10 | CVE-2017-6726 | Information Exposure vulnerability in Cisco Prime Network 4.2(1.0)P1 A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. | 5.5 |
| 2017-07-10 | CVE-2017-11166 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. | 6.5 |
| 2017-07-10 | CVE-2017-11163 | Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 5.4 |
| 2017-07-10 | CVE-2017-1398 | Open Redirect vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-07-10 | CVE-2017-1284 | Information Exposure vulnerability in IBM Websphere MQ 9.0.1/9.0.2 IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. | 4.7 |
| 2017-07-10 | CVE-2017-11141 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. | 6.5 |
| 2017-07-10 | CVE-2017-11140 | Improper Handling of Exceptional Conditions vulnerability in Graphicsmagick 1.3.26 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. | 5.5 |