Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-01 | CVE-2017-16358 | Out-of-bounds Read vulnerability in Radare Radare2 2.0.1 In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | 7.8 |
| 2017-11-01 | CVE-2017-16357 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 2.0.1 In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. | 7.8 |
| 2017-11-01 | CVE-2017-15918 | Insufficiently Protected Credentials vulnerability in Ignitum Sera 1.2 Sera 1.2 stores the user's login password in plain text in their home directory. | 7.8 |
| 2017-11-01 | CVE-2017-15566 | Untrusted Search Path vulnerability in Schedmd Slurm Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | 7.8 |
| 2017-11-01 | CVE-2017-16352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. | 8.8 |
| 2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | 8.8 |
| 2017-11-01 | CVE-2017-16248 | Information Exposure vulnerability in Catalyst-Plugin-Static-Simple Project Catalyst-Plugin-Static-Simple The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character. | 7.5 |
| 2017-11-01 | CVE-2017-16244 | Cross-Site Request Forgery (CSRF) vulnerability in Octobercms October 1.0.426 Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. | 8.8 |
| 2017-11-01 | CVE-2017-14376 | Use of Hard-coded Credentials vulnerability in EMC Appsync EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | 7.8 |
| 2017-10-31 | CVE-2017-10954 | Integer Overflow or Wraparound vulnerability in Bitdefender Internet Security 2018 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. | 8.8 |