Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2017-8313 | Out-of-bounds Read vulnerability in Videolan VLC Media Player Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | 5.5 |
| 2017-05-23 | CVE-2017-8312 | Out-of-bounds Read vulnerability in multiple products Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | 5.5 |
| 2017-05-23 | CVE-2017-8310 | Out-of-bounds Read vulnerability in Videolan VLC Media Player Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | 5.5 |
| 2017-05-23 | CVE-2017-3128 | Cross-site Scripting vulnerability in Fortinet Fortios A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | 4.8 |
| 2017-05-23 | CVE-2017-9211 | NULL Pointer Dereference vulnerability in Linux Kernel The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. | 5.5 |
| 2017-05-23 | CVE-2017-5966 | Path Traversal vulnerability in Sitecore CRM 8.1 Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | 4.9 |
| 2017-05-23 | CVE-2017-5965 | Unspecified vulnerability in Sitecore CRM 8.1 The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. | 6.7 |
| 2017-05-23 | CVE-2017-9210 | Infinite Loop vulnerability in multiple products libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. | 5.5 |
| 2017-05-23 | CVE-2017-9209 | Infinite Loop vulnerability in multiple products libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | 5.5 |
| 2017-05-23 | CVE-2017-9208 | Infinite Loop vulnerability in multiple products libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | 5.5 |