Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-18 | CVE-2017-7942 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.54 The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 6.5 |
| 2017-04-18 | CVE-2017-7941 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 6.5 |
| 2017-04-18 | CVE-2017-7940 | Resource Exhaustion vulnerability in Entropymine Imageworsener 1.3.0 The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | 5.5 |
| 2017-04-18 | CVE-2017-7939 | Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.0 The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | 5.5 |
| 2017-04-18 | CVE-2017-7897 | Cross-site Scripting vulnerability in Mantisbt 2.3.0/2.3.1 A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | 6.1 |
| 2017-04-18 | CVE-2017-5653 | Improper Certificate Validation vulnerability in Apache CXF JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | 5.3 |
| 2017-04-18 | CVE-2017-7896 | Cross-site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | 6.1 |
| 2017-04-17 | CVE-2017-1160 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. | 5.4 |
| 2017-04-17 | CVE-2016-3038 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-04-17 | CVE-2016-3037 | Information Exposure vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. | 5.7 |