Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-22 | CVE-2017-14712 | Cross-site Scripting vulnerability in Telaxius Epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 5.4 |
2017-09-22 | CVE-2017-6271 | Divide By Zero vulnerability in Nvidia GPU Driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 5.5 |
2017-09-22 | CVE-2017-6270 | Divide By Zero vulnerability in Nvidia GPU Driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 5.5 |
2017-09-22 | CVE-2017-6267 | Infinite Loop vulnerability in Nvidia GPU Driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 5.5 |
2017-09-22 | CVE-2017-6266 | Unspecified vulnerability in Nvidia GPU Driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 5.5 |
2017-09-22 | CVE-2017-3763 | Unspecified vulnerability in Lenovo Xclarity Administrator | An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | 6.7 |
2017-09-22 | CVE-2017-14653 | Information Exposure vulnerability in Asp4Cms Aspcms 2.7.2 | member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | 6.5 |
2017-09-22 | CVE-2017-14684 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.74 | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | 6.5 |
2017-09-21 | CVE-2017-14681 | Improper Initialization vulnerability in P3Scan Project P3Scan 3.0 | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | 5.5 |
2017-09-21 | CVE-2017-7549 | Unspecified vulnerability in Openstack Instack-Undercloud 5.3.0/6.1.0/7.2.0 | A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. | 6.4 |