Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-02 | CVE-2017-9408 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-9407 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55 In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-9406 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-9405 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55 In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-9404 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-9403 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
| 2017-06-02 | CVE-2017-0896 | Missing Authorization vulnerability in Zulip Server Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 6.5 |
| 2017-06-02 | CVE-2017-9378 | Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. | 6.5 |
| 2017-06-02 | CVE-2017-6039 | Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86 A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. | 5.3 |
| 2017-06-02 | CVE-2017-9366 | Cross-site Scripting vulnerability in Epesi Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 4.8 |