Skip to main content
CVE-2017-9936 MEDIUM POC This Month

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
5.2%
CVE-2017-9937 MEDIUM POC This Month

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-6325 MEDIUM This Month

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Messaging Gateway
NVD
CVSS 3.0
6.6
EPSS
3.4%
CVE-2014-8127 MEDIUM This Month

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff Opensuse
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9145 MEDIUM PATCH This Month

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7416 MEDIUM PATCH This Month

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ntopng
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9929 MEDIUM PATCH This Month

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-9928 MEDIUM PATCH This Month

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-9954 MEDIUM PATCH This Month

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9955 MEDIUM PATCH This Month

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-1870 MEDIUM PATCH This Month

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Automatic Bug Reporting Tool
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3142 MEDIUM This Month

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Automatic Bug Reporting Tool
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy