Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-13 | CVE-2016-0787 | Information Exposure vulnerability in multiple products The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | 4.3 |
| 2016-04-13 | CVE-2016-0757 | Improper Access Control vulnerability in Openstack Image Registry and Delivery Service (Glance) 11.0.0/11.0.1/2015.1.2 OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image. | 4.3 |
| 2016-04-13 | CVE-2016-0739 | Information Exposure vulnerability in multiple products libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | 4.3 |
| 2016-04-13 | CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | 5.0 |
| 2016-04-13 | CVE-2015-8784 | Out-of-bounds Write vulnerability in multiple products The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. | 4.3 |
| 2016-04-13 | CVE-2015-8683 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. | 4.3 |
| 2016-04-13 | CVE-2015-8665 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. | 4.3 |
| 2016-04-13 | CVE-2015-3146 | Denial of Service vulnerability in libssh The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | 5.0 |
| 2016-04-13 | CVE-2015-1547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | 4.3 |
| 2016-04-13 | CVE-2014-9655 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. | 4.3 |