Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-16 | CVE-2017-15221 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ASX to MP3 Converter Project ASX to MP3 Converter 3.1.3.7 ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324. | 7.8 |
| 2017-10-16 | CVE-2017-15383 | Unquoted Search Path or Element vulnerability in Nero 7.10.1.0 Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. | 7.8 |
| 2017-10-16 | CVE-2017-15297 | Improper Authentication vulnerability in SAP Host Agent 7.21 SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. | 7.5 |
| 2017-10-16 | CVE-2017-15296 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management The Java component in SAP CRM has CSRF. | 8.8 |
| 2017-10-16 | CVE-2016-4461 | Improper Input Validation vulnerability in multiple products Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | 8.8 |
| 2017-10-16 | CVE-2014-9147 | Information Exposure vulnerability in Fiyo CMS Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | 7.5 |
| 2017-10-16 | CVE-2014-7851 | Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | 7.5 |
| 2017-10-16 | CVE-2017-15369 | Use After Free vulnerability in Artifex Mupdf The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-10-16 | CVE-2017-15368 | Out-of-bounds Read vulnerability in Radare Radare2 2.0.0 The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. | 7.8 |
| 2017-10-16 | CVE-2017-15303 | Out-of-bounds Write vulnerability in Cpuid Cpu-Z 1.42 In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41). | 7.8 |