Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-9041 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. | 5.5 |
| 2017-05-18 | CVE-2017-9040 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. | 5.5 |
| 2017-05-18 | CVE-2017-9039 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | 5.5 |
| 2017-05-18 | CVE-2017-9038 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. | 5.5 |
| 2017-05-17 | CVE-2017-4017 | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | 5.3 |
| 2017-05-17 | CVE-2017-4016 | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. | 5.3 |
| 2017-05-17 | CVE-2017-4015 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | 4.5 |
| 2017-05-17 | CVE-2017-4013 | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. | 5.3 |
| 2017-05-17 | CVE-2017-4012 | Unspecified vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request. | 6.5 |
| 2017-05-17 | CVE-2017-4011 | Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | 6.1 |