Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-03 CVE-2017-1000494 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Miniupnp Project Miniupnpd
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
local
low complexity
miniupnp-project CWE-119
7.8
2018-01-03 CVE-2018-4862 Improper Privilege Management vulnerability in Octopus Deploy
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
network
low complexity
octopus CWE-269
8.8
2018-01-02 CVE-2017-1000438 Unspecified vulnerability in Openmicroscopy Omero
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
network
low complexity
openmicroscopy
8.3
2018-01-02 CVE-2017-1000433 Improper Authentication vulnerability in multiple products
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled.
network
high complexity
pysaml2-project debian CWE-287
8.1
2018-01-02 CVE-2017-1000432 Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
network
low complexity
vanillaforums CWE-352
8.0
2018-01-02 CVE-2017-1000422 Integer Overflow or Wraparound vulnerability in multiple products
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
network
low complexity
gnome debian canonical CWE-190
8.8
2018-01-02 CVE-2017-1000420 Link Following vulnerability in Syncthing
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
network
low complexity
syncthing CWE-59
7.5
2018-01-02 CVE-2017-1000419 Server-Side Request Forgery (SSRF) vulnerability in PHPbb 3.2.0
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
network
low complexity
phpbb CWE-918
7.5
2018-01-02 CVE-2017-1000456 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
network
low complexity
freedesktop debian CWE-119
8.8
2018-01-02 CVE-2017-1000418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mindwerks Wildmidi
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
local
low complexity
mindwerks CWE-119
7.8