Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-16532 |
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16531 |
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16530 |
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16529 |
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16528 |
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16527 |
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16526 |
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-16525 |
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.1: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-14359 |
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1000171 |
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2017-1000157 |
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1000156 |
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2017-1000155 |
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-1000154 |
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000153 |
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. Published: November 03, 2017; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000152 |
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings. Published: November 03, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000151 |
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. Published: November 03, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-1000150 |
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. Published: November 03, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-1000149 |
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) Published: November 03, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1000148 |
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. Published: November 03, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |