Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-10 | CVE-2017-12800 | NULL Pointer Dereference vulnerability in Matroska Libebml2, Mkclean and Mkvalidator The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-12783 | Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-12782 | Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-12781 | NULL Pointer Dereference vulnerability in Matroska Libebml2, Mkclean and Mkvalidator The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-12780 | Use After Free vulnerability in Matroska Libebml2, Mkclean and Mkvalidator The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-12779 | NULL Pointer Dereference vulnerability in Matroska Mkvalidator 0.5.1 The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 6.5 |
| 2017-11-10 | CVE-2017-11461 | Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 5.1 NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | 4.3 |
| 2017-11-09 | CVE-2017-16759 | Path Traversal vulnerability in Librenms The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | 5.9 |
| 2017-11-09 | CVE-2017-16758 | Cross-site Scripting vulnerability in Ultimate Instagram Feed Project Ultimate Instagram Feed Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter. | 4.8 |
| 2017-11-09 | CVE-2017-16711 | NULL Pointer Dereference vulnerability in Swftools 0.9.2 The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. | 5.5 |