Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-01 | CVE-2017-14107 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 6.5 |
| 2017-09-01 | CVE-2017-14106 | Divide By Zero vulnerability in Linux Kernel The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 5.5 |
| 2017-09-01 | CVE-2017-3898 | Improper Input Validation vulnerability in Mcafee Livesafe 14.0/16.0.2 A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 5.9 |
| 2017-09-01 | CVE-2017-13672 | Out-of-bounds Read vulnerability in multiple products QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | 5.5 |
| 2017-09-01 | CVE-2017-12870 | Information Exposure vulnerability in Simplesamlphp SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 5.9 |
| 2017-08-31 | CVE-2015-7711 | Cross-site Scripting vulnerability in Atutor Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | 6.1 |
| 2017-08-31 | CVE-2015-5695 | Resource Exhaustion vulnerability in Openstack Designate 1.0.0.0B1/1.0.0A0/2015.1.0 Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set. | 6.5 |
| 2017-08-31 | CVE-2014-8677 | Improper Access Control vulnerability in Soplanning The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | 5.3 |
| 2017-08-31 | CVE-2014-8676 | Path Traversal vulnerability in Soplanning Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. | 5.3 |
| 2017-08-31 | CVE-2017-7855 | Cross-site Scripting vulnerability in Icewarp Server 11.3.1.5 In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | 6.1 |