Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-01 | CVE-2017-8374 | Out-of-bounds Read vulnerability in Underbit MAD Libmad 0.15.1B The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 5.5 |
| 2017-05-01 | CVE-2017-8372 | Reachable Assertion vulnerability in Underbit MAD Libmad 0.15.1B The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. | 4.7 |
| 2017-05-01 | CVE-2016-10351 | Information Exposure vulnerability in Telegram Desktop Telegram Desktop 0.10.19 Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 5.5 |
| 2017-05-01 | CVE-2016-10350 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 5.5 |
| 2017-05-01 | CVE-2016-10349 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 5.5 |
| 2017-04-30 | CVE-2017-8371 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 6.8 |
| 2017-04-30 | CVE-2017-8365 | Out-of-bounds Read vulnerability in multiple products The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | 6.5 |
| 2017-04-30 | CVE-2017-8363 | Out-of-bounds Read vulnerability in multiple products The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 6.5 |
| 2017-04-30 | CVE-2017-8362 | Out-of-bounds Read vulnerability in multiple products The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | 6.5 |
| 2017-04-30 | CVE-2017-8357 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |