Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-07-20 | CVE-2017-11473 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | local | low complexity | linux canonical | CWE-120 | 7.8 |
| 2017-07-20 | CVE-2017-11471 | SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8 | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | network | low complexity | idera | CWE-89 | 7.5 |
| 2017-07-20 | CVE-2017-11470 | SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8 | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | network | low complexity | idera | CWE-89 | 7.5 |
| 2017-07-20 | CVE-2017-9765 | Integer Overflow or Wraparound vulnerability in Genivia Gsoap | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. | network | high complexity | genivia | CWE-190 | 8.1 |
| 2017-07-19 | CVE-2017-11465 | Out-of-bounds Read vulnerability in Ruby-Lang Ruby 2.4.1 | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. | network | low complexity | ruby-lang | CWE-125 | 7.5 |
| 2017-07-19 | CVE-2017-11446 | Infinite Loop vulnerability in Imagemagick 7.0.61 | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | | | | | 7.1 |
| 2017-07-19 | CVE-2017-11445 | SQL Injection vulnerability in Intelliants Subrion CMS | Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | network | low complexity | intelliants | CWE-89 | 7.5 |
| 2017-07-19 | CVE-2017-11444 | SQL Injection vulnerability in Intelliants Subrion CMS | Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | network | low complexity | intelliants | CWE-89 | 7.5 |
| 2017-07-19 | CVE-2017-11436 | Use of Hard-coded Credentials vulnerability in Dlink Dir-615 20.12Ptb01 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | network | low complexity | dlink | CWE-798 | 7.5 |
| 2017-07-19 | CVE-2017-11435 | Information Exposure vulnerability in Humaxdigital Hg100R Firmware 2.0.6 | The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. | network | low complexity | humaxdigital | CWE-200 | 7.5 |