Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-04 | CVE-2017-14994 | NULL Pointer Dereference vulnerability in multiple products ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | 6.5 |
| 2017-10-04 | CVE-2017-14991 | Information Exposure vulnerability in Linux Kernel The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | 5.5 |
| 2017-10-04 | CVE-2017-1126 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. | 5.3 |
| 2017-10-04 | CVE-2017-0816 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.5 |
| 2017-10-04 | CVE-2017-0815 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.5 |
| 2017-10-03 | CVE-2017-9797 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. | 6.5 |
| 2017-10-03 | CVE-2017-9538 | Improper Input Validation vulnerability in Solarwinds Network Performance Monitor 12.0/12.0.1/12.0.15300.90 The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. | 4.9 |
| 2017-10-03 | CVE-2017-9537 | Cross-site Scripting vulnerability in Solarwinds Network Performance Monitor 12.0.15300.90 Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | 4.8 |
| 2017-10-03 | CVE-2017-14990 | Cleartext Storage of Sensitive Information vulnerability in multiple products WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | 6.5 |
| 2017-10-03 | CVE-2017-14989 | Use After Free vulnerability in Imagemagick 7.0.74 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | 6.5 |