Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-31 | CVE-2017-3935 | Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. | 7.5 |
| 2017-10-31 | CVE-2017-15950 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.1.16 Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. | 7.8 |
| 2017-10-30 | CVE-2017-14919 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | 7.5 |
| 2017-10-30 | CVE-2014-0072 | Improper Input Validation vulnerability in Apache Cordova and Cordova File Transfer ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. | 7.5 |
| 2017-10-30 | CVE-2014-0115 | Path Traversal vulnerability in Apache Storm 0.9.0.1 Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-10-30 | CVE-2012-0881 | Resource Management Errors vulnerability in Apache Xerces2 Java 2.10.0/2.11.0/2.9.1 Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. | 7.5 |
| 2017-10-30 | CVE-2017-15921 | NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. | 7.5 |
| 2017-10-30 | CVE-2017-15920 | NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. | 7.5 |
| 2017-10-30 | CVE-2017-9450 | Improper Privilege Management vulnerability in Amazon web Services Cloudformation Bootstrap The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | 7.8 |
| 2017-10-30 | CVE-2017-9377 | OS Command Injection vulnerability in Barco products A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. | 8.8 |