Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2017-06-08 CVE-2016-3095 Information Exposure vulnerability in multiple products
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
Risk: 5.5 (local, low complexity) | fedoraproject, pulpproject | CWE-200

2017-06-08 CVE-2016-3111 Information Exposure vulnerability in Pulpproject Pulp
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
Risk: 5.5 (local, low complexity) | pulpproject | CWE-200

2017-06-08 CVE-2016-3107 Improper Access Control vulnerability in Pulpproject Pulp
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
Risk: 5.5 (local, low complexity) | pulpproject | CWE-284

2017-06-08 CVE-2017-9330 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
Risk: 5.6 (local, high complexity) | qemu, debian | CWE-835

2017-06-08 CVE-2017-9310 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
Risk: 5.6 (local, high complexity) | qemu, debian | CWE-835

2017-06-08 CVE-2015-2255 Data Processing Errors vulnerability in Huawei Ar1220 Firmware
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
Risk: 5.9 (network, high complexity) | huawei | CWE-19

2017-06-08 CVE-2015-2253 Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
Risk: 5.0 (local, low complexity) | huawei | CWE-200

2017-06-08 CVE-2014-6031 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.
Risk: 4.9 (network, low complexity) | f5 | CWE-119

2017-06-08 CVE-2014-4843 Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
Risk: 5.3 (network, low complexity) | ibm | CWE-358

2017-06-08 CVE-2017-9520 Use After Free vulnerability in Radare Radare2 1.5.0
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
Risk: 5.5 (local, low complexity) | radare | CWE-416