Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-05-01 | CVE-2017-8374 | Out-of-bounds Read vulnerability in Underbit MAD Libmad 0.15.1B | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | local | low | underbit | CWE-125 | 5.5 |
| 2017-05-01 | CVE-2017-8372 | Reachable Assertion vulnerability in Underbit MAD Libmad 0.15.1B | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. | local | high | underbit | CWE-617 | 4.7 |
| 2017-05-01 | CVE-2016-10351 | Information Exposure vulnerability in Telegram Desktop Telegram Desktop 0.10.19 | Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | local | low | telegram-desktop | CWE-200 | 5.5 |
| 2017-05-01 | CVE-2016-10350 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | local | low | libarchive | CWE-119 | 5.5 |
| 2017-05-01 | CVE-2016-10349 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | local | low | libarchive | CWE-119 | 5.5 |
| 2017-04-30 | CVE-2017-8371 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | network | low | schneider-electric | CWE-522 | 6.8 |
| 2017-04-30 | CVE-2017-8365 | Out-of-bounds Read vulnerability in multiple products | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | network | low | libsndfile-project, debian | CWE-125 | 6.5 |
| 2017-04-30 | CVE-2017-8363 | Out-of-bounds Read vulnerability in multiple products | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | network | low | libsndfile-project, debian | CWE-125 | 6.5 |
| 2017-04-30 | CVE-2017-8362 | Out-of-bounds Read vulnerability in multiple products | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | network | low | libsndfile-project, debian | CWE-125 | 6.5 |
| 2017-04-30 | CVE-2017-8357 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | network | low | imagemagick, debian | CWE-772 | 6.5 |