Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-12 | CVE-2017-9125 | Out-of-bounds Read vulnerability in Libquicktime 1.2.4 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | 6.5 |
| 2017-06-12 | CVE-2017-9124 | NULL Pointer Dereference vulnerability in Libquicktime 1.2.4 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 6.5 |
| 2017-06-12 | CVE-2017-9123 | Out-of-bounds Read vulnerability in Libquicktime 1.2.4 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | 6.5 |
| 2017-06-12 | CVE-2017-9122 | Infinite Loop vulnerability in Libquicktime 1.2.4 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | 6.5 |
| 2017-06-12 | CVE-2017-8871 | Infinite Loop vulnerability in multiple products The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 6.5 |
| 2017-06-12 | CVE-2017-8834 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | 6.5 |
| 2017-06-11 | CVE-2017-9526 | Information Exposure vulnerability in Gnupg Libgcrypt In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. | 5.9 |
| 2017-06-09 | CVE-2017-5004 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 5.4 |
| 2017-06-09 | CVE-2017-5003 | Cross-site Scripting vulnerability in multiple products EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 6.1 |
| 2017-06-09 | CVE-2017-9525 | Link Following vulnerability in multiple products In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. | 6.7 |