Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-22 | CVE-2017-14653 | Information Exposure vulnerability in Asp4Cms Aspcms 2.7.2: member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | 6.5 |
2017-09-22 | CVE-2017-14684 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.74: In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | 6.5 |
2017-09-21 | CVE-2017-14681 | Improper Initialization vulnerability in P3Scan Project P3Scan 3.0: The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | 5.5 |
2017-09-21 | CVE-2017-7549 | Unspecified vulnerability in Openstack Instack-Undercloud 5.3.0/6.1.0/7.2.0: A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. | 6.4 |
2017-09-21 | CVE-2017-14651 | Cross-site Scripting vulnerability in Wso2 products: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | 4.8 |
2017-09-21 | CVE-2017-14649 | Reachable Assertion vulnerability in Graphicsmagick 1.3.26: ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | 5.5 |
2017-09-21 | CVE-2017-14645 | Out-of-bounds Read vulnerability in Bento4 1.5.0617: A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. | 6.5 |
2017-09-21 | CVE-2017-14643 | Out-of-bounds Read vulnerability in Bento4 1.5.0617: The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h. | 6.5 |
2017-09-21 | CVE-2017-14642 | NULL Pointer Dereference vulnerability in Bento4 1.5.0617: A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. | 6.5 |
2017-09-21 | CVE-2017-14641 | NULL Pointer Dereference vulnerability in Bento4 1.5.0617: A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. | 6.5 |