Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-08 CVE-2017-12824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Inpage
Specially crafted InPage document leads to arbitrary code execution in InPage reader.
local
low complexity
inpage CWE-119
7.8
2017-11-08 CVE-2017-16660 Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
network
low complexity
cacti CWE-668
7.2
2017-11-08 CVE-2017-16659 Incorrect Permission Assignment for Critical Resource vulnerability in Anti-Spam Smtp Proxy Project Anti-Spam Smtp Proxy 1.9.8.13030
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
local
low complexity
anti-spam-smtp-proxy-project CWE-732
7.8
2017-11-07 CVE-2017-16642 Out-of-bounds Read vulnerability in multiple products
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.
network
low complexity
php debian canonical netapp CWE-125
7.5
2017-11-07 CVE-2017-16641 OS Command Injection vulnerability in Cacti 1.1.27
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
network
low complexity
cacti CWE-78
7.2
2017-11-07 CVE-2017-2917 OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1.
network
low complexity
meetcircle CWE-78
8.8
2017-11-07 CVE-2017-2916 Link Following vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1.
network
low complexity
meetcircle CWE-59
8.8
2017-11-07 CVE-2017-2915 Unspecified vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1.
low complexity
meetcircle
8.0
2017-11-07 CVE-2017-2914 Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1.
network
high complexity
meetcircle CWE-287
8.1
2017-11-07 CVE-2017-2909 Infinite Loop vulnerability in Cesanta Mongoose 6.8
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library.
network
low complexity
cesanta CWE-835
7.5