Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-26 | CVE-2017-15908 | Infinite Loop vulnerability in multiple products: In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | 7.5 |
2017-10-26 | CVE-2017-7341 | OS Command Injection vulnerability in Fortinet Fortiwlc: An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | 7.2 |
2017-10-26 | CVE-2017-15882 | Resource Exhaustion vulnerability in Londontrustmedia Private Internet Access: The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. | 7.5 |
2017-10-25 | CVE-2017-12705 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webop: A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. | 7.8 |
2017-10-24 | CVE-2017-15880 | SQL Injection vulnerability in Eyesofnetwork 5.10: SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | 7.2 |
2017-10-24 | CVE-2017-15879 | Improper Input Validation vulnerability in Keystonejs Keystone 4.0.0: CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | 8.8 |
2017-10-24 | CVE-2017-1583 | Information Exposure vulnerability in IBM Liberty 3.13: IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | 7.5 |
2017-10-24 | CVE-2017-1523 | Missing Authentication for Critical Function vulnerability in IBM Infosphere Master Data Management 11.5: IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. | 7.5 |
2017-10-24 | CVE-2017-1375 | Inadequate Encryption Strength vulnerability in IBM Storwize Unified V7000 Software 1.5/1.6: IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2017-10-24 | CVE-2017-1210 | Improper Input Validation vulnerability in IBM Daeja Viewone: IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. | 7.5 |