Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-22 | CVE-2017-2513 | Use After Free vulnerability in Apple products. An issue was discovered in certain Apple products. | 9.8 |
2017-05-21 | CVE-2017-9119 | Resource Exhaustion vulnerability in multiple products. The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | 9.8 |
2017-05-21 | CVE-2017-9117 | Out-of-bounds Read vulnerability in multiple products. In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. | 9.8 |
2017-05-21 | CVE-2017-9101 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4. import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 9.8 |
2017-05-19 | CVE-2017-7504 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform. HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X, does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | 9.8 |
2017-05-19 | CVE-2017-6027 | Unrestricted Upload of File with Dangerous Type vulnerability in Codesys web Server 2.3. An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 9.8 |
2017-05-19 | CVE-2017-6025 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys web Server 2.3. A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. | 9.8 |
2017-05-19 | CVE-2017-5174 | Unspecified vulnerability in Geutebruck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12. An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. | 9.8 |
2017-05-19 | CVE-2017-5173 | OS Command Injection vulnerability in Geutebrueck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12. An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. | 9.8 |
2017-05-18 | CVE-2017-6622 | Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning. A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. | 9.8 |