Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-29 CVE-2017-13730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
network
low complexity
gnu CWE-119
6.5
6.5
2017-08-29 CVE-2017-13729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0.
network
low complexity
gnu CWE-119
6.5
6.5
2017-08-29 CVE-2017-13727 Reachable Assertion vulnerability in Libtiff 4.0.8
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag.
network
low complexity
libtiff CWE-617
6.5
6.5
2017-08-29 CVE-2017-13726 Reachable Assertion vulnerability in Libtiff 4.0.8
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag.
network
low complexity
libtiff CWE-617
6.5
6.5
2017-08-29 CVE-2017-13685 Improper Input Validation vulnerability in Sqlite 3.20.0
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
local
low complexity
sqlite CWE-20
5.5
5.5
2017-08-29 CVE-2017-2258 Path Traversal vulnerability in Cybozu Garoon 4.2.4/4.2.5
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
network
low complexity
cybozu CWE-22
4.3
4.3
2017-08-29 CVE-2017-2257 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-08-29 CVE-2017-2256 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
network
low complexity
cybozu CWE-79
5.4
5.4
2017-08-29 CVE-2017-2255 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
network
low complexity
cybozu CWE-79
5.4
5.4
2017-08-29 CVE-2017-2254 Improper Input Validation vulnerability in Cybozu Garoon
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
network
low complexity
cybozu CWE-20
4.9
4.9