Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-04 | CVE-2017-16531 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. | 6.6 |
| 2017-11-04 | CVE-2017-16530 | Out-of-bounds Read vulnerability in Linux Kernel The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. | 6.6 |
| 2017-11-04 | CVE-2017-16529 | Out-of-bounds Read vulnerability in multiple products The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16528 | Use After Free vulnerability in multiple products sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16527 | Use After Free vulnerability in multiple products sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16525 | Use After Free vulnerability in multiple products The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | 6.6 |
| 2017-11-03 | CVE-2017-14359 | Cross-site Scripting vulnerability in HP Performance Center 12.20 A potential security vulnerability has been identified in HPE Performance Center versions 12.20. | 5.4 |
| 2017-11-03 | CVE-2017-1000157 | Information Exposure vulnerability in Mahara Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. | 4.4 |
| 2017-11-03 | CVE-2017-1000156 | Improper Privilege Management vulnerability in Mahara Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. | 6.5 |
| 2017-11-03 | CVE-2017-1000155 | Information Exposure vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. | 4.3 |