Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-12 | CVE-2017-16796 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools 0.9.2 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. | 7.8 |
| 2017-11-12 | CVE-2017-16793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools 0.9.2 The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | 7.8 |
| 2017-11-11 | CVE-2017-16520 | Improper Privilege Management vulnerability in Inedo Buildmaster Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | 7.5 |
| 2017-11-10 | CVE-2017-16762 | Path Traversal vulnerability in Sanic Project Sanic Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | 7.5 |
| 2017-11-10 | CVE-2017-9758 | Improper Certificate Validation vulnerability in Savitech-Ic Savitech Driver Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | 7.4 |
| 2017-11-10 | CVE-2017-16249 | Unspecified vulnerability in Brother Dcp-J132W Firmware 1.20 The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. | 7.5 |
| 2017-11-10 | CVE-2017-12969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Contact Center Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 8.8 |
| 2017-11-09 | CVE-2017-16757 | Incorrect Permission Assignment for Critical Resource vulnerability in Hola VPN 1.34 Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | 7.8 |
| 2017-11-09 | CVE-2017-16651 | Files or Directories Accessible to External Parties vulnerability in multiple products Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. | 7.8 |
| 2017-11-09 | CVE-2017-16674 | Unspecified vulnerability in Datto Windows Agent 1.0.5.0 Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. high complexity datto | 8.0 |