Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-17 | CVE-2017-14501 | Out-of-bounds Read vulnerability in Libarchive 3.3.2 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | 6.5 |
| 2017-09-15 | CVE-2015-0110 | Improper Access Control vulnerability in IBM products IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | 6.5 |
| 2017-09-15 | CVE-2017-14498 | Cross-site Scripting vulnerability in Silverstripe SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 6.1 |
| 2017-09-15 | CVE-2017-10814 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Corega WLR 300 NM Firmware 1.90 Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 6.8 |
| 2017-09-15 | CVE-2017-10813 | OS Command Injection vulnerability in Corega WLR 300 NM Firmware 1.90 CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
| 2017-09-15 | CVE-2017-4926 | Cross-site Scripting vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). | 5.4 |
| 2017-09-15 | CVE-2017-4925 | NULL Pointer Dereference vulnerability in VMWare products VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. | 5.5 |
| 2017-09-15 | CVE-2017-14340 | NULL Pointer Dereference vulnerability in Linux Kernel The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | 5.5 |
| 2017-09-15 | CVE-2017-14489 | Improper Input Validation vulnerability in Linux Kernel The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 5.5 |
| 2017-09-15 | CVE-2017-14483 | Race Condition vulnerability in Gentoo Dev-Python-Flower flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 5.5 |