Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-18 | CVE-2017-6147 | Unspecified vulnerability in F5 products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. | 5.9 |
2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 5.9 |
2017-09-18 | CVE-2017-14534 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | 6.1 |
2017-09-18 | CVE-2017-12157 | Information Exposure vulnerability in Moodle | In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | 4.3 |
2017-09-18 | CVE-2017-12156 | Cross-site Scripting vulnerability in Moodle | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | 6.1 |
2017-09-18 | CVE-2017-14533 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | 6.5 |
2017-09-18 | CVE-2017-14531 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | 6.5 |
2017-09-18 | CVE-2017-14529 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | 5.5 |
2017-09-18 | CVE-2017-14528 | Use After Free vulnerability in multiple products | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | 6.5 |
2017-09-17 | CVE-2017-14517 | NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | 5.5 |