Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-05 | CVE-2017-17066 | Out-of-bounds Read vulnerability in multiple products The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug. | 7.5 |
| 2017-12-05 | CVE-2017-16929 | Path Traversal vulnerability in Claymore Dual Miner Project Claymore Dual Miner 10.1 The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. | 8.1 |
| 2017-12-04 | CVE-2017-15889 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | 8.8 |
| 2017-12-04 | CVE-2017-12079 | Information Exposure vulnerability in Synology Photo Station Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | 7.5 |
| 2017-12-04 | CVE-2017-17056 | Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280 The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. | 8.8 |
| 2017-12-04 | CVE-2017-17130 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2 The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv. | 8.8 |
| 2017-12-04 | CVE-2017-17129 | NULL Pointer Dereference vulnerability in Libav 12.2 The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2017-12-04 | CVE-2017-17126 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1 The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. | 7.8 |
| 2017-12-04 | CVE-2017-17125 | Out-of-bounds Read vulnerability in GNU Binutils 2.29.1 nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
| 2017-12-04 | CVE-2017-17124 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1 The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | 7.8 |