Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-01 | CVE-2017-12064 | Improper Encoding or Escaping of Output vulnerability in Open-Emr Openemr 5.0.0 The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. | 7.5 |
| 2017-07-31 | CVE-2017-11726 | Cross-Site Request Forgery (CSRF) vulnerability in Connectwise Manage 2017.5 services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. | 8.8 |
| 2017-07-31 | CVE-2017-11648 | Cross-Site Request Forgery (CSRF) vulnerability in Techroutes TR 1803-3G Firmware 2.4.25 Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | 8.8 |
| 2017-07-31 | CVE-2017-1460 | Improper Input Validation vulnerability in IBM I IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. | 7.5 |
| 2017-07-31 | CVE-2017-1227 | Allocation of Resources Without Limits or Throttling vulnerability in IBM Bigfix Platform 9.1/9.2/9.5 IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. | 7.5 |
| 2017-07-31 | CVE-2016-9716 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-31 | CVE-2016-9714 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-31 | CVE-2017-11760 | Code Injection vulnerability in Projeqtor uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | 8.8 |
| 2017-07-31 | CVE-2017-11670 | Out-of-bounds Write vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4 A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. | 7.5 |
| 2017-07-31 | CVE-2017-11669 | Out-of-bounds Read vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4 An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. | 7.5 |