Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-11-10 | CVE-2017-12781 | NULL Pointer Dereference vulnerability in Matroska Libebml2, Mkclean and Mkvalidator | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | network | low complexity | matroska | CWE-476 | 6.5 |
| 2017-11-10 | CVE-2017-12780 | Use After Free vulnerability in Matroska Libebml2, Mkclean and Mkvalidator | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | network | low complexity | matroska | CWE-416 | 6.5 |
| 2017-11-10 | CVE-2017-12779 | NULL Pointer Dereference vulnerability in Matroska Mkvalidator 0.5.1 | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | network | low complexity | matroska | CWE-476 | 6.5 |
| 2017-11-10 | CVE-2017-11461 | Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 5.1 | NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | network | low complexity | netapp | CWE-20 | 4.3 |
| 2017-11-09 | CVE-2017-16759 | Path Traversal vulnerability in Librenms | The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | network | high complexity | librenms | CWE-22 | 5.9 |
| 2017-11-09 | CVE-2017-16758 | Cross-site Scripting vulnerability in Ultimate Instagram Feed Project Ultimate Instagram Feed | Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter. | network | low complexity | ultimate-instagram-feed-project | CWE-79 | 4.8 |
| 2017-11-09 | CVE-2017-16711 | NULL Pointer Dereference vulnerability in Swftools 0.9.2 | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. | local | low complexity | swftools | CWE-476 | 5.5 |
| 2017-11-09 | CVE-2017-16673 | Information Exposure vulnerability in Datto Backup Agent 1.0.6.0 | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. | | high complexity | datto | CWE-200 | 5.3 |
| 2017-11-09 | CVE-2017-16672 | Missing Release of Resource after Effective Lifetime vulnerability in Digium Asterisk | An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. | network | high complexity | digium | CWE-772 | 5.9 |
| 2017-11-08 | CVE-2017-15085 | Unspecified vulnerability in Redhat Gluster Storage 3.3 | It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | network | high complexity | redhat | | 5.9 |