Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-27 CVE-2015-8903 Infinite Loop vulnerability in ImageMagick
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
network
low complexity
imagemagick CWE-835
6.5
2017-02-27 CVE-2015-8902 Infinite Loop vulnerability in ImageMagick
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
network
low complexity
imagemagick CWE-835
6.5
2017-02-27 CVE-2015-8901 Infinite Loop vulnerability in ImageMagick
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
network
low complexity
imagemagick CWE-835
6.5
2017-02-27 CVE-2015-8900 Infinite Loop vulnerability in ImageMagick
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
local
low complexity
imagemagick CWE-835
5.5
2017-02-27 CVE-2016-8105 Unspecified vulnerability in Intel X710 Series Driver and XL710 Series Driver
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.
low complexity
intel
6.5
2017-02-27 CVE-2017-6344 XXE vulnerability in Grails PDF Plugin 0.6
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.
local
low complexity
grails CWE-611
5.9
2017-02-27 CVE-2017-6341 Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and SmartPSS Firmware
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.
network
high complexity
dahuasecurity CWE-319
5.9
2017-02-27 CVE-2017-6297 Missing Encryption of Sensitive Data vulnerability in MikroTik RouterOS 6.37.4/6.83.3
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
network
high complexity
mikrotik CWE-311
5.9
2017-02-24 CVE-2016-5027 NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf 20160115
dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted ELF file.
local
low complexity
libdwarf-project CWE-476
5.5
2017-02-24 CVE-2016-4493 Out-of-bounds Read vulnerability in GNU Libiberty
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
local
low complexity
gnu CWE-125
5.5