Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-06 | CVE-2017-14166 | Out-of-bounds Read vulnerability in multiple products: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | 6.5 |
2017-09-06 | CVE-2017-14165 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26: The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 6.5 |
2017-09-06 | CVE-2017-12476 | NULL Pointer Dereference vulnerability in Bento4: The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 5.5 |
2017-09-06 | CVE-2017-12475 | NULL Pointer Dereference vulnerability in Axiosys Bento4: The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 5.5 |
2017-09-06 | CVE-2017-12474 | NULL Pointer Dereference vulnerability in Bento4: The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 5.5 |
2017-09-05 | CVE-2017-1457 | Cross-site Scripting vulnerability in IBM Qradar Network Security 5.4: IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. | 6.1 |
2017-09-05 | CVE-2017-1130 | Unspecified vulnerability in IBM Inotes: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. | 6.5 |
2017-09-05 | CVE-2017-1129 | Unspecified vulnerability in IBM Expeditor and Inotes: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. | 6.5 |
2017-09-05 | CVE-2017-5698 | Unspecified vulnerability in Intel products: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. | 4.4 |
2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 4.7 |