Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2010-5329 | Resource Management Errors vulnerability in Linux Kernel The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. | 5.5 |
| 2017-04-24 | CVE-2010-5321 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. | 4.3 |
| 2017-04-23 | CVE-2017-8078 | Improper Authentication vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). | 5.3 |
| 2017-04-23 | CVE-2016-2564 | Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. | 5.9 |
| 2017-04-23 | CVE-2017-8071 | Improper Resource Shutdown or Release vulnerability in Linux Kernel drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. | 5.5 |
| 2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1 WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. | 5.3 |
| 2017-04-22 | CVE-2017-8055 | Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1 WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. | 5.3 |
| 2017-04-22 | CVE-2017-8054 | Infinite Loop vulnerability in Podofo Project Podofo 0.9.5 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. | 5.5 |
| 2017-04-22 | CVE-2017-8053 | Infinite Loop vulnerability in Podofo Project Podofo 0.9.5 PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). | 5.5 |
| 2017-04-22 | CVE-2017-8052 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2974 allows XSS attacks. | 6.1 |