Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-02 | CVE-2017-14114 | Information Exposure vulnerability in Rtpproxy 2.2 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | 6.5 |
| 2017-09-01 | CVE-2017-12872 | Information Exposure vulnerability in multiple products The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 5.9 |
| 2017-09-01 | CVE-2017-12871 | Inadequate Encryption Strength vulnerability in Simplesamlphp The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 5.9 |
| 2017-09-01 | CVE-2017-12693 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 6.5 |
| 2017-09-01 | CVE-2017-12692 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 6.5 |
| 2017-09-01 | CVE-2017-12691 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 6.5 |
| 2017-09-01 | CVE-2016-1895 | Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 6.5 |
| 2017-09-01 | CVE-2017-14107 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 6.5 |
| 2017-09-01 | CVE-2017-14106 | Divide By Zero vulnerability in Linux Kernel The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 5.5 |
| 2017-09-01 | CVE-2017-3898 | Improper Input Validation vulnerability in Mcafee Livesafe 14.0/16.0.2 A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 5.9 |