Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-12-27 | CVE-2016-6914 | Incorrect Default Permissions vulnerability in UI Unifi Video | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | local | low | ui | CWE-276 | 7.8 |
| 2017-12-27 | CVE-2017-7163 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X | An issue was discovered in certain Apple products. | local | low | apple | CWE-119 | 7.8 |
| 2017-12-27 | CVE-2017-7162 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products | An issue was discovered in certain Apple products. | local | low | apple | CWE-119 | 7.8 |
| 2017-12-27 | CVE-2017-7160 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | An issue was discovered in certain Apple products. | network | low | apple, canonical | CWE-119 | 8.8 |
| 2017-12-27 | CVE-2017-7159 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X | An issue was discovered in certain Apple products. | local | low | apple | CWE-119 | 7.8 |
| 2017-12-27 | CVE-2017-7157 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products | An issue was discovered in certain Apple products. | network | low | apple | CWE-119 | 8.8 |
| 2017-12-27 | CVE-2017-7156 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products | An issue was discovered in certain Apple products. | network | low | apple | CWE-119 | 8.8 |
| 2017-12-27 | CVE-2017-7155 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X | An issue was discovered in certain Apple products. | local | low | apple | CWE-119 | 7.8 |
| 2017-12-27 | CVE-2017-17935 | Out-of-bounds Read vulnerability in multiple products | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | network | low | wireshark, debian | CWE-125 | 7.5 |
| 2017-12-27 | CVE-2017-17930 | Cross-Site Request Forgery (CSRF) vulnerability in Ordermanagementscript Professional Service Script | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | network | low | ordermanagementscript | CWE-352 | 8.8 |