Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-04 CVE-2017-16528 Use After Free vulnerability in multiple products
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical CWE-416
6.6
2017-11-04 CVE-2017-16527 Use After Free vulnerability in multiple products
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-416
6.6
2017-11-04 CVE-2017-16525 Use After Free vulnerability in multiple products
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
low complexity
linux debian canonical CWE-416
6.6
2017-11-03 CVE-2017-14359 Cross-site Scripting vulnerability in HP Performance Center 12.20
A potential security vulnerability has been identified in HPE Performance Center versions 12.20.
network
low complexity
hp CWE-79
5.4
2017-11-03 CVE-2017-1000157 Information Exposure vulnerability in Mahara
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
network
high complexity
mahara CWE-200
4.4
2017-11-03 CVE-2017-1000156 Improper Privilege Management vulnerability in Mahara
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
network
low complexity
mahara CWE-269
6.5
2017-11-03 CVE-2017-1000155 Information Exposure vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
network
low complexity
mahara CWE-200
4.3
2017-11-03 CVE-2017-1000149 Cross-site Scripting vulnerability in Mahara
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
network
low complexity
mahara CWE-79
5.4
2017-11-03 CVE-2017-1000147 Cross-Site Request Forgery (CSRF) vulnerability in Mahara
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget.
network
low complexity
mahara CWE-352
6.8
2017-11-03 CVE-2017-1000146 Cross-site Scripting vulnerability in Mahara
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
network
low complexity
mahara CWE-79
5.4