Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2017-06-07 CVE-2017-9471 Out-of-bounds Read vulnerability in multiple products
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
ytnef-project canonical CWE-125
5.5

2017-06-07 CVE-2017-9470 NULL Pointer Dereference vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
local
low complexity
ytnef-project CWE-476
5.5

2017-06-06 CVE-2017-9461 Infinite Loop vulnerability in multiple products
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
network
low complexity
samba redhat debian CWE-835
6.5

2017-06-06 CVE-2016-9960 Divide By Zero vulnerability in multiple products
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
5.5

2017-06-06 CVE-2016-5004 Resource Exhaustion vulnerability in Apache Ws-Xmlrpc 3.1.3
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
network
low complexity
apache CWE-400
6.5

2017-06-06 CVE-2016-3077 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Ovirt-Engine
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
network
low complexity
redhat CWE-119
6.5

2017-06-06 CVE-2016-3066 Information Exposure vulnerability in Spice-Gtk Project Spice-Gtk
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
network
low complexity
spice-gtk-project CWE-200
6.5

2017-06-06 CVE-2016-2192 Improper Privilege Management vulnerability in Pl/Java Project Pl/Java
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.
network
low complexity
pl-java-project CWE-269
6.5

2017-06-06 CVE-2016-0767 Improper Privilege Management vulnerability in Pl/Java Project Pl/Java
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
network
low complexity
pl-java-project CWE-269
6.5

2017-06-06 CVE-2015-3830 Improper Input Validation vulnerability in Google Android
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
network
low complexity
google CWE-20
6.5