Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9408 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
freedesktop debian CWE-772
6.5
2017-06-02 CVE-2017-9407 Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
network
low complexity
imagemagick CWE-772
6.5
2017-06-02 CVE-2017-9406 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
freedesktop debian CWE-772
6.5
2017-06-02 CVE-2017-9405 Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
network
low complexity
imagemagick CWE-772
6.5
2017-06-02 CVE-2017-9404 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-02 CVE-2017-9403 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-02 CVE-2017-0896 Missing Authorization vulnerability in Zulip Server
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
network
low complexity
zulip CWE-862
6.5
2017-06-02 CVE-2017-9378 Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account.
network
low complexity
bigtreecms CWE-863
6.5
2017-06-02 CVE-2017-6039 Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87.
network
low complexity
phoenixbroadband CWE-798
5.3
2017-06-02 CVE-2017-9366 Cross-site Scripting vulnerability in Epesi
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
network
low complexity
epesi CWE-79
4.8