Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-2318 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
network
low complexity
juniper CWE-200
6.5
2017-04-24 CVE-2017-2316 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
local
low complexity
juniper CWE-119
6.5
2017-04-24 CVE-2017-2312 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process.
network
low complexity
juniper CWE-772
6.5
2017-04-24 CVE-2017-8085 Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
network
low complexity
exponentcms CWE-79
6.1
2017-04-24 CVE-2017-7944 Cross-site Scripting vulnerability in Xoops 2.5.8.1
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
network
low complexity
xoops CWE-79
6.1
2017-04-24 CVE-2017-8082 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI.
network
low complexity
concretecms CWE-352
6.5
2017-04-24 CVE-2015-0107 Path Traversal vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
network
low complexity
ibm CWE-22
6.5
2017-04-24 CVE-2010-5329 Resource Management Errors vulnerability in Linux Kernel
The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value.
local
low complexity
linux CWE-399
5.5
2017-04-24 CVE-2010-5321 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.
low complexity
linux CWE-772
4.3
2017-04-23 CVE-2017-8078 Improper Authentication vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd).
network
low complexity
tp-link CWE-287
5.3