Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-25	CVE-2017-11434	Out-of-bounds Read vulnerability in multiple products The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. local low complexity qemu debian CWE-125	5.5
2017-07-17	CVE-2017-11352	In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. network low complexity imagemagick debian canonical	6.5
2017-07-08	CVE-2017-11107	Cross-site Scripting vulnerability in multiple products phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. network low complexity phpldapadmin-project debian CWE-79	6.1
2017-07-08	CVE-2017-11104	Improper Input Validation vulnerability in multiple products Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. network high complexity knot-dns debian CWE-20	5.9
2017-06-28	CVE-2017-9989	NULL Pointer Dereference vulnerability in multiple products util/outputtxt.c in libming 0.4.8 mishandles memory allocation. network low complexity libming debian CWE-476	6.5
2017-06-28	CVE-2017-9988	NULL Pointer Dereference vulnerability in multiple products The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. network low complexity libming debian CWE-476	6.5
2017-06-26	CVE-2017-9936	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. network low complexity libtiff debian canonical CWE-772	6.5
2017-06-26	CVE-2017-9929	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. local low complexity long-range-zip-project debian CWE-119	5.5
2017-06-26	CVE-2017-9928	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. local low complexity long-range-zip-project debian CWE-119	5.5
2017-06-25	CVE-2017-9868	Information Exposure vulnerability in multiple products In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. local low complexity eclipse debian CWE-200	5.5