Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-05 | CVE-2017-8439 | Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. | 6.1 |
2017-06-05 | CVE-2017-1000367 | Race Condition vulnerability in Sudo Project Sudo | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 6.4 |
2017-06-04 | CVE-2014-9983 | Path Traversal vulnerability in Rarlab RAR | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. | 5.5 |
2017-06-04 | CVE-2012-6705 | Cross-site Scripting vulnerability in Jamroom 4.2.6 | Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 6.1 |
2017-06-04 | CVE-2017-9416 | Path Traversal vulnerability in Odoo 10.0/8.0/9.0 | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 6.5 |
2017-06-04 | CVE-2017-3740 | Unspecified vulnerability in Lenovo Active Protection System | In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | 5.5 |
2017-06-02 | CVE-2017-9409 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.5-5 | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9408 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9407 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.5-5 | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9406 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |