Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-20 | CVE-2017-17782 | Out-of-bounds Read vulnerability in multiple products: In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | 8.8 |
2017-12-20 | CVE-2017-17774 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2: admin/configuration.php in Piwigo 2.9.2 has CSRF. | 8.8 |
2017-12-19 | CVE-2017-17763 | Missing Encryption of Sensitive Data vulnerability in Liveqos Superbeam: SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | 7.5 |
2017-12-19 | CVE-2017-17088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze: The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. | 7.5 |
2017-12-19 | CVE-2017-15049 | OS Command Injection vulnerability in Zoom: The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |
2017-12-19 | CVE-2017-15048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom: Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |
2017-12-19 | CVE-2017-17758 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | 8.8 |
2017-12-19 | CVE-2017-17757 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. | 8.8 |
2017-12-19 | CVE-2017-15876 | Unrestricted Upload of File with Dangerous Type vulnerability in Sistemagpweb Gpweb 8.4.61: Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | 7.2 |
2017-12-19 | CVE-2017-11562 | Session Fixation vulnerability in MT4 Senhasegura 2.2.23.8: A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | 8.8 |