Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-09 | CVE-2017-7595 | Divide By Zero vulnerability in Libtiff 4.0.7 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. | 5.5 |
| 2017-04-09 | CVE-2017-7594 | Missing Release of Resource after Effective Lifetime vulnerability in Libtiff 4.0.7 The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. | 5.5 |
| 2017-04-09 | CVE-2017-7593 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. | 5.5 |
| 2017-04-09 | CVE-2017-7591 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | 6.1 |
| 2017-04-09 | CVE-2017-7590 | Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | 6.1 |
| 2017-04-09 | CVE-2017-7589 | Information Exposure vulnerability in Openidm Project Openidm 4.0.0/4.5.0 In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. | 6.5 |
| 2017-04-07 | CVE-2017-0586 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0585 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0584 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-04-07 | CVE-2017-0560 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | 5.5 |