Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-04 CVE-2017-12432 Allocation of Resources Without Limits or Throttling vulnerability in Imagemagick 7.0.61
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
network
low complexity
imagemagick CWE-770
6.5
2017-08-04 CVE-2017-12431 Use After Free vulnerability in Imagemagick 7.0.61
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
network
low complexity
imagemagick CWE-416
6.5
2017-08-04 CVE-2017-12427 Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
network
low complexity
imagemagick CWE-772
6.5
2017-08-03 CVE-2017-1504 Unspecified vulnerability in IBM Websphere Application Server 9.0.0.4
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption.
network
low complexity
ibm
6.5
2017-08-03 CVE-2017-1327 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-08-03 CVE-2017-1199 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Server
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-08-03 CVE-2017-11320 Cross-site Scripting vulnerability in Technicolor Tc7337 Firmware 08.89.17.20.00
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
network
low complexity
technicolor CWE-79
6.1
2017-08-02 CVE-2017-9770 Out-of-bounds Read vulnerability in Razerzone Razer Synapse
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
local
low complexity
razerzone CWE-125
5.5
2017-08-02 CVE-2017-9467 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
paloaltonetworks CWE-79
6.1
2017-08-02 CVE-2017-9459 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
paloaltonetworks CWE-79
6.1