Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-25 CVE-2015-9101 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
local
low complexity
lame-project CWE-119
5.5
2017-06-25 CVE-2015-9100 NULL Pointer Dereference vulnerability in Lame Project Lame 3.99.5
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
local
low complexity
lame-project CWE-476
5.5
2017-06-25 CVE-2015-9099 Out-of-bounds Read vulnerability in Lame Project Lame 3.99.5
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.
local
low complexity
lame-project CWE-125
5.5
2017-06-25 CVE-2017-9868 Information Exposure vulnerability in multiple products
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
local
low complexity
eclipse debian CWE-200
5.5
2017-06-25 CVE-2017-9865 Out-of-bounds Read vulnerability in multiple products
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
local
low complexity
freedesktop debian CWE-125
5.5
2017-06-24 CVE-2017-9847 Out-of-bounds Read vulnerability in Libtorrent 1.1.3
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
libtorrent CWE-125
5.5
2017-06-24 CVE-2017-9836 Cross-site Scripting vulnerability in Piwigo 2.9.1
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
network
low complexity
piwigo CWE-79
4.8
2017-06-24 CVE-2017-9832 Integer Overflow or Wraparound vulnerability in Libmtp Project Libmtp
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or possibly remote code execution by inserting a mobile device into a personal computer through a USB cable.
low complexity
libmtp-project CWE-190
6.8
2017-06-24 CVE-2017-9831 Integer Overflow or Wraparound vulnerability in Libmtp Project Libmtp 1.1.12
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or possibly remote code execution by inserting a mobile device into a personal computer through a USB cable.
low complexity
libmtp-project CWE-190
6.8
2017-06-23 CVE-2017-1349 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user.
local
low complexity
ibm CWE-200
5.5