Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2010-5329 Resource Management Errors vulnerability in Linux Kernel
The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value.
local
low complexity
linux CWE-399
5.5
2017-04-24 CVE-2010-5321 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.
low complexity
linux CWE-772
4.3
2017-04-23 CVE-2017-8078 Improper Authentication vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd).
network
low complexity
tp-link CWE-287
5.3
2017-04-23 CVE-2016-2564 Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag.
network
high complexity
invisioncommunity CWE-331
5.9
2017-04-23 CVE-2017-8071 Improper Resource Shutdown or Release vulnerability in Linux Kernel
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.
local
low complexity
linux CWE-404
5.5
2017-04-22 CVE-2017-8056 XXE vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent.
network
low complexity
watchguard CWE-611
5.3
2017-04-22 CVE-2017-8055 Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler.
network
low complexity
watchguard CWE-203
5.3
2017-04-22 CVE-2017-8054 Infinite Loop vulnerability in Podofo Project Podofo 0.9.5
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
local
low complexity
podofo-project CWE-835
5.5
2017-04-22 CVE-2017-8053 Infinite Loop vulnerability in Podofo Project Podofo 0.9.5
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
local
low complexity
podofo-project CWE-835
5.5
2017-04-22 CVE-2017-8052 Cross-site Scripting vulnerability in Craftcms Craft CMS
Craft CMS before 2.6.2974 allows XSS attacks.
network
low complexity
craftcms CWE-79
6.1