Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-03 | CVE-2017-8820 | NULL Pointer Dereference vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | 7.5 |
| 2017-12-03 | CVE-2017-8819 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. | 7.5 |
| 2017-12-02 | CVE-2017-17095 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.9 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. | 8.8 |
| 2017-12-02 | CVE-2017-17091 | Use of Insufficiently Random Values vulnerability in Wordpress wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. | 8.8 |
| 2017-12-02 | CVE-2017-17090 | Incomplete Cleanup vulnerability in Digium Certified Asterisk An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. | 7.5 |
| 2017-12-01 | CVE-2017-16953 | Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | 7.5 |
| 2017-12-01 | CVE-2017-16895 | Incorrect Permission Assignment for Critical Resource vulnerability in Arqbackup ARQ The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | 7.8 |
| 2017-12-01 | CVE-2017-16612 | Integer Overflow or Wraparound vulnerability in multiple products libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. | 7.5 |
| 2017-12-01 | CVE-2017-15357 | Link Following vulnerability in Arqbackup ARQ The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | 7.4 |
| 2017-12-01 | CVE-2017-14486 | Cleartext Transmission of Sensitive Information vulnerability in Vibease Chat and Wireless Remote Vibrator The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. | 7.5 |