Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-18 CVE-2017-6147 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.
network
high complexity
f5
5.9
2017-09-18 CVE-2017-0380 Information Exposure Through Log Files vulnerability in Torproject TOR
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
network
high complexity
torproject CWE-532
5.9
2017-09-18 CVE-2017-14534 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
network
low complexity
nexusphp-project CWE-79
6.1
2017-09-18 CVE-2017-12157 Information Exposure vulnerability in Moodle
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
network
low complexity
moodle CWE-200
4.3
2017-09-18 CVE-2017-12156 Cross-site Scripting vulnerability in Moodle
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
network
low complexity
moodle CWE-79
6.1
2017-09-18 CVE-2017-14533 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
network
low complexity
imagemagick canonical CWE-772
6.5
2017-09-18 CVE-2017-14531 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-09-18 CVE-2017-14529 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
local
low complexity
gnu CWE-125
5.5
2017-09-18 CVE-2017-14528 Use After Free vulnerability in multiple products
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
network
low complexity
imagemagick debian CWE-416
6.5
2017-09-17 CVE-2017-14517 NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
local
low complexity
freedesktop CWE-476
5.5