Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-04 | CVE-2017-14126 | Cross-site Scripting vulnerability in Xnau Participants Database 1.7.5.10 The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | 6.1 |
| 2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 5.5 |
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 5.9 |
| 2017-09-02 | CVE-2017-14114 | Information Exposure vulnerability in Rtpproxy 2.2 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | 6.5 |
| 2017-09-01 | CVE-2017-12872 | Information Exposure vulnerability in multiple products The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 5.9 |
| 2017-09-01 | CVE-2017-12871 | Inadequate Encryption Strength vulnerability in Simplesamlphp The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 5.9 |
| 2017-09-01 | CVE-2017-12693 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 6.5 |
| 2017-09-01 | CVE-2017-12692 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 6.5 |
| 2017-09-01 | CVE-2017-12691 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 6.5 |
| 2017-09-01 | CVE-2016-1895 | Use of Externally-Controlled Format String vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 6.5 |