Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK
---|---|---|---|---
2017-09-07 | CVE-2017-14170 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 | In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 6.5
2017-09-06 | CVE-2015-8316 | Improper Validation of Array Index vulnerability in Lightdm Project Lightdm | Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address. | 5.9
2017-09-06 | CVE-2015-7225 | 7PK - Security Features vulnerability in Tinfoilsecurity Devise-Two-Factor | Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. | 5.3
2017-09-06 | CVE-2015-6250 | Information Exposure vulnerability in Simple-PHP-Captcha Project Simple-PHP-Captcha 1.0.0/1.0.1/20150831 | simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. | 5.3
2017-09-06 | CVE-2015-5186 | Improper Input Validation vulnerability in Linux Audit Project Linux Audit | Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. | 5.3
2017-09-06 | CVE-2015-3163 | Improper Access Control vulnerability in Redhat Beaker | The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | 4.3
2017-09-06 | CVE-2015-3162 | Cross-site Scripting vulnerability in Beaker-Project Beaker 20.1 | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job. | 5.4
2017-09-06 | CVE-2015-3161 | Cross-site Scripting vulnerability in Beaker-Project Beaker | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | 4.8
2017-09-06 | CVE-2015-3160 | XXE vulnerability in Beaker-Project Beaker | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | 4.3
2017-09-06 | CVE-2015-2943 | Improper Certificate Validation vulnerability in Honda Moto Linc 1.6.1 | Honda Moto LINC 1.6.1 does not verify SSL certificates. | 5.9