Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-09-13 | CVE-2017-14418 | Insufficiently Protected Credentials vulnerability in Dlink Dir-850L Firmware | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. | network | high | dlink | CWE-522 | 8.1 |
| 2017-09-13 | CVE-2017-12612 | Deserialization of Untrusted Data vulnerability in Apache Spark | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. | local | low | apache | CWE-502 | 7.8 |
| 2017-09-13 | CVE-2016-8744 | Deserialization of Untrusted Data vulnerability in Apache Brooklyn | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. | network | low | apache | CWE-502 | 8.8 |
| 2017-09-13 | CVE-2016-8737 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. | network | low | apache | CWE-352 | 8.8 |
| 2017-09-13 | CVE-2017-7441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20 | In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. | local | low | sophos | CWE-119 | 7.8 |
| 2017-09-13 | CVE-2017-6008 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20 | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. | local | low | sophos | CWE-119 | 7.8 |
| 2017-09-13 | CVE-2017-14398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Razer Synapse 2.20.15.1104 | rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. | local | low | razer | CWE-119 | 7.8 |
| 2017-09-13 | CVE-2017-11350 | Cross-Site Request Forgery (CSRF) vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14 | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | network | low | axesstel | CWE-352 | 8.8 |
| 2017-09-13 | CVE-2017-14412 | Out-of-bounds Write vulnerability in Mp3Gain 1.5.2 | An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. | local | low | mp3gain | CWE-787 | 7.8 |
| 2017-09-13 | CVE-2017-14411 | Out-of-bounds Write vulnerability in Mp3Gain 1.5.2 | A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. | local | low | mp3gain | CWE-787 | 7.8 |