Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-03 | CVE-2016-9086 | Information Exposure vulnerability in Gitlab GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. | 6.5 |
| 2016-11-03 | CVE-2016-4025 | 7PK - Security Features vulnerability in Avast products Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. | 5.5 |
| 2016-10-31 | CVE-2016-8879 | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf and Reader The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | 6.5 |
| 2016-10-31 | CVE-2016-8875 | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | 5.3 |
| 2016-10-31 | CVE-2016-7965 | Improper Input Validation vulnerability in Dokuwiki DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. | 6.5 |
| 2016-10-30 | CVE-2016-9118 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2 Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | 5.3 |
| 2016-10-30 | CVE-2016-9117 | NULL Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2 NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. | 6.5 |
| 2016-10-30 | CVE-2016-9116 | NULL Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2 NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. | 6.5 |
| 2016-10-30 | CVE-2016-9115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2 Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. | 6.5 |
| 2016-10-29 | CVE-2016-5920 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |