Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-27 CVE-2017-9219 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.
local
low complexity
audiocoding CWE-119
5.5
2017-06-27 CVE-2017-9218 Out-of-bounds Read vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
local
low complexity
audiocoding CWE-125
5.5
2017-06-26 CVE-2017-9955 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.
local
low complexity
gnu CWE-125
5.5
2017-06-26 CVE-2017-9954 Out-of-bounds Read vulnerability in GNU Binutils 2.28
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.
local
low complexity
gnu CWE-125
5.5
2017-06-26 CVE-2017-6325 Code Injection vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.
network
high complexity
symantec CWE-94
6.6
2017-06-26 CVE-2015-3142 Information Exposure vulnerability in Red Hat Automatic Bug Reporting Tool
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
local
high complexity
redhat CWE-200
4.7
2017-06-26 CVE-2015-1870 Information Exposure vulnerability in Red Hat Automatic Bug Reporting Tool
The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permissions on a copy of the sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
local
low complexity
redhat CWE-200
5.5
2017-06-26 CVE-2014-8127 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
network
low complexity
libtiff opensuse CWE-125
6.5
2017-06-26 CVE-2017-9145 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
network
low complexity
tiki CWE-79
6.1
2017-06-26 CVE-2017-9937 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c.
network
low complexity
libtiff CWE-119
6.5