Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-14 | CVE-2017-17683 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1: Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | 7.5 |
2017-12-13 | CVE-2017-7738 | Information Exposure vulnerability in Fortinet Fortios: An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command. | 7.2 |
2017-12-13 | CVE-2017-17665 | Missing Authorization vulnerability in Octopus Deploy: In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. | 8.8 |
2017-12-13 | CVE-2017-1635 | Use After Free vulnerability in IBM Tivoli Monitoring: IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. | 8.0 |
2017-12-13 | CVE-2017-17537 | Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5: MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | 7.5 |
2017-12-13 | CVE-2017-17615 | SQL Injection vulnerability in Facebook Clone Script Project Facebook Clone Script 1.0: Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | 8.8 |
2017-12-13 | CVE-2017-17593 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Chatting System Project Simple Chatting System 1.0: Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | 7.5 |
2017-12-13 | CVE-2017-17568 | Incorrect Permission Assignment for Critical Resource vulnerability in Scubez Posty Readymade Classifieds: Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | 7.5 |
2017-12-13 | CVE-2017-17567 | SQL Injection vulnerability in Scubez Posty Readymade Classifieds: Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | 7.5 |
2017-12-13 | CVE-2017-17538 | Unspecified vulnerability in Mikrotik Router Firmware 6.40.5: MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | 7.5 |