Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-06 CVE-2017-14016 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
6.3
2017-11-06 CVE-2017-15306 NULL Pointer Dereference vulnerability in Linux Kernel
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
local
low complexity
linux CWE-476
5.5
2017-11-06 CVE-2017-7425 Cross-site Scripting vulnerability in Netiq Imanager 3.0.3.2
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
network
low complexity
netiq CWE-79
6.1
2017-11-06 CVE-2015-7878 Cross-site Scripting vulnerability in Taxonomy Find Project Taxonomy Find
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.
network
low complexity
taxonomy-find-project CWE-79
5.4
2017-11-06 CVE-2017-16569 Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
network
low complexity
zurmo CWE-601
4.8
2017-11-06 CVE-2017-16564 Cross-site Scripting vulnerability in Grandstream Ht802 Firmware
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
network
low complexity
grandstream CWE-79
5.4
2017-11-06 CVE-2017-15039 Cross-site Scripting vulnerability in Zurmo CRM 3.2.1.57987Acc3018
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
network
low complexity
zurmo CWE-79
4.8
2017-11-04 CVE-2017-16541 Information Exposure vulnerability in multiple products
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil.
network
low complexity
torproject redhat debian CWE-200
6.5
2017-11-04 CVE-2017-16539 Information Exposure vulnerability in Mobyproject Moby
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
network
high complexity
mobyproject CWE-200
5.9
2017-11-04 CVE-2017-16538 Improper Input Validation vulnerability in Linux Kernel
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
low complexity
linux CWE-20
6.6