High-risk vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2015-2675 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Librest 0.7.92
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
network
low complexity
gnome CWE-119
7.5
2017-08-18 CVE-2015-0576 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.
local
high complexity
google CWE-119
7.0
2017-08-18 CVE-2014-3451 Improper Certificate Validation vulnerability in Igniterealtime Openfire
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
network
low complexity
igniterealtime CWE-295
7.5
2017-08-18 CVE-2017-12593 Cross-Site Request Forgery (CSRF) vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
network
low complexity
asus CWE-352
8.8
2017-08-18 CVE-2017-12592 Unspecified vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability.
network
low complexity
asus
8.8
2017-08-18 CVE-2017-12589 Cross-Site Request Forgery (CSRF) vulnerability in Tomaxcom R60G Firmware and R60Gv2 Firmware
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
network
low complexity
tomaxcom CWE-352
8.8
2017-08-18 CVE-2017-12420 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netapp Clustered Data Ontap
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
network
low complexity
netapp CWE-119
8.8
2017-08-18 CVE-2017-11653 Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
local
low complexity
razer CWE-732
7.8
2017-08-18 CVE-2017-11652 Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
local
low complexity
razer CWE-732
8.4
2017-08-18 CVE-2017-11185 NULL Pointer Dereference vulnerability in Strongswan
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
network
low complexity
strongswan CWE-476
7.5