Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-07 CVE-2017-12794 Cross-site Scripting vulnerability in Djangoproject Django
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page.
network
low complexity
djangoproject CWE-79
6.1
2017-09-07 CVE-2017-12416 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
network
low complexity
paloaltonetworks CWE-79
6.1
2017-09-07 CVE-2017-12133 Use After Free vulnerability in GNU Glibc
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
network
high complexity
gnu CWE-416
5.9
2017-09-07 CVE-2017-14175 Excessive Iteration vulnerability in multiple products
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
imagemagick debian canonical CWE-834
6.5
2017-09-07 CVE-2017-14174 Excessive Iteration vulnerability in multiple products
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
imagemagick canonical debian CWE-834
6.5
2017-09-07 CVE-2017-14173 Infinite Loop vulnerability in multiple products
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected.
network
low complexity
imagemagick debian canonical CWE-835
6.5
2017-09-07 CVE-2017-14172 Excessive Iteration vulnerability in multiple products
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
imagemagick debian canonical CWE-834
6.5
2017-09-07 CVE-2017-14171 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
ffmpeg CWE-834
6.5
2017-09-07 CVE-2017-14170 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
ffmpeg CWE-834
6.5
2017-09-06 CVE-2015-8316 Improper Validation of Array Index vulnerability in Lightdm Project Lightdm
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.
network
high complexity
lightdm-project CWE-129
5.9