Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2017-9204 Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.1
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
network
low complexity
entropymine CWE-125
6.5
2017-05-23 CVE-2017-9203 Out-of-bounds Write vulnerability in Entropymine Imageworsener 1.3.1
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
network
low complexity
entropymine CWE-787
6.5
2017-05-23 CVE-2017-9202 Divide By Zero vulnerability in Entropymine Imageworsener 1.3.1
imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
network
low complexity
entropymine CWE-369
6.5
2017-05-23 CVE-2017-9201 Divide By Zero vulnerability in Entropymine Imageworsener 1.3.1
imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
network
low complexity
entropymine CWE-369
6.5
2017-05-23 CVE-2017-8379 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
local
low complexity
qemu debian redhat CWE-772
6.5
2017-05-23 CVE-2017-7288 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
synacor CWE-79
6.1
2017-05-23 CVE-2017-5870 Cross-site Scripting vulnerability in Vimbadmin 3.0.15
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
network
low complexity
vimbadmin CWE-79
5.4
2017-05-23 CVE-2016-7977 Information Exposure vulnerability in Artifex Ghostscript
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
local
low complexity
artifex CWE-200
5.5
2017-05-23 CVE-2015-8477 Cross-site Scripting vulnerability in Redmine
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
network
low complexity
redmine CWE-79
6.1
2017-05-23 CVE-2015-5382 Information Exposure vulnerability in Roundcube Webmail and Webmail
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
network
low complexity
roundcube CWE-200
6.5