Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-7274 | NULL Pointer Dereference vulnerability in Radare Radare2 1.3.0 The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | 5.5 |
| 2017-03-27 | CVE-2017-7273 | Unspecified vulnerability in Linux Kernel The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. low complexity linux | 6.6 |
| 2017-03-27 | CVE-2017-7271 | Cross-site Scripting vulnerability in YII Software YII 2.0.10 Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | 6.1 |
| 2017-03-27 | CVE-2017-6464 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. | 6.5 |
| 2017-03-27 | CVE-2017-6463 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. | 6.5 |
| 2017-03-27 | CVE-2017-6459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | 5.5 |
| 2017-03-27 | CVE-2015-8762 | NULL Pointer Dereference vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | 5.9 |
| 2017-03-27 | CVE-2015-8010 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | 6.1 |
| 2017-03-27 | CVE-2017-6878 | Cross-site Scripting vulnerability in Metinfo 5.3.15 Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | 5.4 |
| 2017-03-27 | CVE-2017-5973 | Infinite Loop vulnerability in multiple products The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | 5.5 |