Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-11 CVE-2017-14270 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.40
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."
local
low complexity
xnview CWE-119
7.8
2017-09-11 CVE-2017-14153 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jungo Windriver
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier.
local
low complexity
jungo CWE-119
7.8
2017-09-11 CVE-2017-14075 Out-of-bounds Write vulnerability in Jungo Windriver
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier.
local
low complexity
jungo CWE-787
7.8
2017-09-11 CVE-2017-14267 Cross-Site Request Forgery (CSRF) vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
network
low complexity
ee CWE-352
8.8
2017-09-11 CVE-2017-14263 Session Fixation vulnerability in Honeywell products
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI.
network
high complexity
honeywell CWE-384
8.1
2017-09-11 CVE-2017-14262 Inadequate Encryption Strength vulnerability in Samsung products
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
network
high complexity
samsung CWE-326
8.1
2017-09-11 CVE-2017-14261 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bento4 1.5.0616
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability.
local
low complexity
bento4 CWE-119
7.8
2017-09-11 CVE-2017-14260 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Axiosys Bento4 1.5.0616
In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability.
local
low complexity
axiosys CWE-119
7.8
2017-09-11 CVE-2017-14259 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bento4 1.5.0616
In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability.
local
low complexity
bento4 CWE-119
7.8
2017-09-11 CVE-2017-14258 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bento4 1.5.0616
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability.
local
low complexity
bento4 CWE-119
7.8