Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-23 | CVE-2016-2564 | Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board: Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. | 5.9 |
2017-04-23 | CVE-2017-8071 | Improper Resource Shutdown or Release vulnerability in Linux Kernel: drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. | 5.5 |
2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1: WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. | 5.3 |
2017-04-22 | CVE-2017-8055 | Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1: WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. | 5.3 |
2017-04-22 | CVE-2017-8054 | Infinite Loop vulnerability in Podofo Project Podofo 0.9.5: The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. | 5.5 |
2017-04-22 | CVE-2017-8053 | Infinite Loop vulnerability in Podofo Project Podofo 0.9.5: PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). | 5.5 |
2017-04-22 | CVE-2017-8052 | Cross-site Scripting vulnerability in Craftcms Craft CMS: Craft CMS before 2.6.2974 allows XSS attacks. | 6.1 |
2017-04-21 | CVE-2016-3702 | Information Exposure vulnerability in Redhat Cloudforms Management Engine 5.0: Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | 5.3 |
2017-04-21 | CVE-2016-1519 | Improper Certificate Validation vulnerability in Grandstream Wave 1.0.1.26: The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | 5.9 |
2017-04-21 | CVE-2016-1221 | Improper Certificate Validation vulnerability in Jetstar 2.4.1: Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |