Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-16 CVE-2015-8981 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
network
low complexity
podofo-project CWE-119
critical
9.8
2017-03-16 CVE-2017-6510 Path Traversal vulnerability in Efssoft Easy File Sharing FTP Server 3.6
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
network
low complexity
efssoft CWE-22
7.5
2017-03-16 CVE-2017-6381 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Drupal
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution.
network
high complexity
drupal CWE-829
8.1
2017-03-16 CVE-2017-6379 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF.
network
high complexity
drupal CWE-352
7.5
2017-03-16 CVE-2017-6377 Incorrect Authorization vulnerability in Drupal
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
network
low complexity
drupal CWE-863
7.5
2017-03-16 CVE-2016-10247 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc.
local
low complexity
artifex debian CWE-787
5.5
2017-03-16 CVE-2016-10246 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc.
local
low complexity
artifex debian CWE-787
5.5
2017-03-16 CVE-2017-6061 Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0.0.1933
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request.
network
low complexity
sap CWE-79
4.7
2017-03-16 CVE-2017-6023 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fatek products
An issue was discovered in Fatek Automation PLC Ethernet Module.
network
low complexity
fatek CWE-119
critical
9.8
2017-03-15 CVE-2017-3854 Improper Authentication vulnerability in Cisco products
A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology.
low complexity
cisco CWE-287
8.8