Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-3215 | Insufficient Session Expiration vulnerability in Milwaukee One-Key The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. | 5.3 |
| 2017-06-19 | CVE-2017-9762 | Use After Free vulnerability in Radare Radare2 1.5.0 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. | 5.5 |
| 2017-06-19 | CVE-2017-9761 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.5.0 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | 5.5 |
| 2017-06-19 | CVE-2017-1000377 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). | 5.9 |
| 2017-06-19 | CVE-2017-1000373 | Resource Exhaustion vulnerability in Openbsd The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. | 6.5 |
| 2017-06-19 | CVE-2017-1000369 | Improper Resource Shutdown or Release vulnerability in multiple products Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. | 4.0 |
| 2017-06-18 | CVE-2017-9668 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | 6.1 |
| 2017-06-17 | CVE-2017-1000380 | Information Exposure vulnerability in Linux Kernel sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | 5.5 |
| 2017-06-16 | CVE-2017-9503 | NULL Pointer Dereference vulnerability in multiple products QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. | 5.5 |
| 2017-06-16 | CVE-2017-9375 | Infinite Loop vulnerability in multiple products QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. | 5.5 |