Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-22 CVE-2017-14712 Cross-site Scripting vulnerability in Telaxius Epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
network
low complexity
telaxius CWE-79
5.4
2017-09-22 CVE-2017-6271 Divide By Zero vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service.
local
low complexity
nvidia CWE-369
5.5
2017-09-22 CVE-2017-6270 Divide By Zero vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.
local
low complexity
nvidia CWE-369
5.5
2017-09-22 CVE-2017-6267 Infinite Loop vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
local
low complexity
nvidia CWE-835
5.5
2017-09-22 CVE-2017-6266 Unspecified vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.
local
low complexity
nvidia
5.5
2017-09-22 CVE-2017-3763 Unspecified vulnerability in Lenovo Xclarity Administrator
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
local
low complexity
lenovo
6.7
2017-09-22 CVE-2017-14653 Information Exposure vulnerability in Asp4Cms Aspcms 2.7.2
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
network
low complexity
asp4cms CWE-200
6.5
2017-09-22 CVE-2017-14684 Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.74
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
network
low complexity
imagemagick CWE-772
6.5
2017-09-21 CVE-2017-14681 Improper Initialization vulnerability in P3Scan Project P3Scan 3.0
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
local
low complexity
p3scan-project CWE-665
5.5
2017-09-21 CVE-2017-7549 Unspecified vulnerability in Openstack Instack-Undercloud 5.3.0/6.1.0/7.2.0
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files.
local
high complexity
openstack
6.4