Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-09-18 | CVE-2017-14534 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | nexusphp-project | CWE-79 | network, low complexity, 6.1 |
| 2017-09-18 | CVE-2017-12157 | Information Exposure vulnerability in Moodle | In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | moodle | CWE-200 | network, low complexity, 4.3 |
| 2017-09-18 | CVE-2017-12156 | Cross-site Scripting vulnerability in Moodle | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | moodle | CWE-79 | network, low complexity, 6.1 |
| 2017-09-18 | CVE-2017-14533 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | imagemagick, canonical | CWE-772 | network, low complexity, 6.5 |
| 2017-09-18 | CVE-2017-14531 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | imagemagick, canonical | CWE-770 | network, low complexity, 6.5 |
| 2017-09-18 | CVE-2017-14529 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | gnu | CWE-125 | local, low complexity, 5.5 |
| 2017-09-18 | CVE-2017-14528 | Use After Free vulnerability in multiple products | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | imagemagick, debian | CWE-416 | network, low complexity, 6.5 |
| 2017-09-17 | CVE-2017-14517 | NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | freedesktop | CWE-476 | local, low complexity, 5.5 |
| 2017-09-17 | CVE-2017-14513 | Path Traversal vulnerability in Metinfo 5.3.17 | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | metinfo | CWE-22 | network, low complexity, 5.3 |
| 2017-09-17 | CVE-2017-14510 | Cross-site Scripting vulnerability in Sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | sugarcrm | CWE-79 | network, low complexity, 6.1 |