Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-07 | CVE-2017-9471 | Out-of-bounds Read vulnerability in multiple products In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 5.5 |
| 2017-06-07 | CVE-2017-9470 | NULL Pointer Dereference vulnerability in Ytnef Project Ytnef 1.9.2 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 5.5 |
| 2017-06-06 | CVE-2017-9461 | Infinite Loop vulnerability in multiple products smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 6.5 |
| 2017-06-06 | CVE-2016-9960 | Divide By Zero vulnerability in multiple products game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | 5.5 |
| 2017-06-06 | CVE-2016-5004 | Resource Exhaustion vulnerability in Apache Ws-Xmlrpc 3.1.3 The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. | 6.5 |
| 2017-06-06 | CVE-2016-3077 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redhat Ovirt-Engine The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | 6.5 |
| 2017-06-06 | CVE-2016-3066 | Information Exposure vulnerability in Spice-Gtk Project Spice-Gtk The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | 6.5 |
| 2017-06-06 | CVE-2016-2192 | Improper Privilege Management vulnerability in Pl/Java Project Pl/Java PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | 6.5 |
| 2017-06-06 | CVE-2016-0767 | Improper Privilege Management vulnerability in Pl/Java Project Pl/Java PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. | 6.5 |
| 2017-06-06 | CVE-2015-3830 | Improper Input Validation vulnerability in Google Android The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | 6.5 |