Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-08-17 | CVE-2017-12907 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the URL path to usersearch.php. | network | low | nexusphp-project | CWE-79 | 6.1 |
| 2017-08-17 | CVE-2017-12445 | Out-of-bounds Read vulnerability in Minidjvu Project Minidjvu 0.8 | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | network | low | minidjvu-project | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-12444 | Out-of-bounds Read vulnerability in Minidjvu Project Minidjvu 0.8 | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | network | low | minidjvu-project | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-12443 | Out-of-bounds Read vulnerability in Minidjvu Project Minidjvu 0.8 | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | network | low | minidjvu-project | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-12442 | Out-of-bounds Read vulnerability in Minidjvu Project Minidjvu 0.8 | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | network | low | minidjvu-project | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-12441 | Out-of-bounds Read vulnerability in Minidjvu Project Minidjvu 0.8 | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | network | low | minidjvu-project | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-11664 | Out-of-bounds Read vulnerability in Mindwerks Wildmidi 0.4.2 | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | network | low | mindwerks | CWE-125 | 6.5 |
| 2017-08-17 | CVE-2017-11663 | Out-of-bounds Read vulnerability in Mindwerks Wildmidi 0.4.2 | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | network | low | mindwerks | CWE-125 | 6.5 |
| 2017-08-16 | CVE-2016-5858 | Information Exposure vulnerability in Google Android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value that is too large, then an out-of-bounds read occurs. | local | high | google | CWE-200 | 4.7 |
| 2017-08-16 | CVE-2016-5855 | Information Exposure vulnerability in Google Android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is cast to a structure without checking if the source buffer is large enough. | local | high | google | CWE-200 | 4.7 |