Latest CVE Feed
-
7.8
HIGHCVE-2017-8072
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8071
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8070
drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by ... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8069
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8068
drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8067
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecifi... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8066
drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8065
crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8064
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly ... Read more
- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8063
drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact b... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8062
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspe... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-8061
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly ... Read more
Affected Products : linux_kernel- Published: Apr. 23, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including ma... Read more
Affected Products : fireware- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames.... Read more
Affected Products : fireware- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8054
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.... Read more
Affected Products : podofo- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-8053
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).... Read more
Affected Products : podofo- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-8052
Craft CMS before 2.6.2974 allows XSS attacks.... Read more
Affected Products : craft_cms- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7991
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.... Read more
Affected Products : exponent_cms- Published: Apr. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-9954
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.... Read more
Affected Products : irregex- Published: Apr. 21, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.... Read more
Affected Products : php- Published: Apr. 21, 2017
- Modified: Apr. 20, 2025