Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2017-08-29 | CVE-2017-13746 | Reachable Assertion vulnerability in multiple products: There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 7.5 |
2017-08-29 | CVE-2017-13745 | Reachable Assertion vulnerability in Jasper Project Jasper 2.0.12: There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. | 7.5 |
2017-08-29 | CVE-2017-13728 | Infinite Loop vulnerability in GNU Ncurses 6.0: There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. | 7.5 |
2017-08-29 | CVE-2017-3757 | Unquoted Search Path or Element vulnerability in EMC Elan Touchpad Driver: An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). | 7.2 |
2017-08-29 | CVE-2017-3746 | Unspecified vulnerability in Lenovo Thinkpad USB 3.0 Ethernet Adapter Driver: ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | 7.2 |
2017-08-29 | CVE-2017-1376 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Operations Analytics Predictive Insights: A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. | 7.5 |
2017-08-29 | CVE-2017-10842 | SQL Injection vulnerability in Basercms: SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2017-08-28 | CVE-2017-13716 | Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.29: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). | 7.1 |
2017-08-28 | CVE-2015-8300 | Permission Issues vulnerability in Polycom Btoe Connector: Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | 7.2 |
2017-08-28 | CVE-2017-12840 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deslock Deslock+: A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. | 7.2 |