Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-17 | CVE-2016-7511 | Integer Overflow or Wraparound vulnerability in Libdwarf Project Libdwarf 20160613: Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.5 |
2017-02-17 | CVE-2016-7510 | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf: The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | 6.5 |
2017-02-17 | CVE-2016-7111 | Cross-site Scripting vulnerability in Mantisbt: MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.7 |
2017-02-17 | CVE-2016-6191 | Cross-site Scripting vulnerability in Alinto Sogo: Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. | 6.1 |
2017-02-17 | CVE-2016-6190 | Information Exposure vulnerability in Inverse-Inc Sogo: SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | 4.3 |
2017-02-17 | CVE-2016-6189 | Incomplete Blacklist vulnerability in Alinto Sogo: Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | 4.3 |
2017-02-17 | CVE-2016-5364 | Cross-site Scripting vulnerability in Mantisbt: Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | 6.1 |
2017-02-17 | CVE-2016-5037 | NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf: The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 6.5 |
2017-02-17 | CVE-2016-5035 | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf: The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 6.5 |
2017-02-17 | CVE-2016-5034 | Out-of-bounds Write vulnerability in Libdwarf Project Libdwarf: dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | 6.5 |