Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-07-23 | CVE-2017-11565 | Unspecified vulnerability in Debian TOR 0.2.9.111 | 7.5
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism.
network | low complexity | debian

2017-07-23 | CVE-2017-11556 | Uncontrolled Recursion vulnerability in Libsass 3.4.5 | 7.5
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5.
network | low complexity | libsass | CWE-674

2017-07-23 | CVE-2017-11555 | Improper Input Validation vulnerability in Libsass 3.4.5 | 7.5
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5.
network | low complexity | libsass | CWE-20

2017-07-23 | CVE-2017-11554 | Uncontrolled Recursion vulnerability in Libsass 3.4.5 | 7.5
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5.
network | low complexity | libsass | CWE-674

2017-07-23 | CVE-2017-11553 | Improper Input Validation vulnerability in Exiv2 0.26 | 7.5
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26.
network | low complexity | exiv2 | CWE-20

2017-07-22 | CVE-2017-11521 | Resource Exhaustion vulnerability in multiple products | 7.5
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
network | low complexity | resiprocate | debian | CWE-400

2017-07-22 | CVE-2016-10400 | Path Traversal vulnerability in Atutor | 7.5
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php.
network | low complexity | atutor | CWE-22

2017-07-22 | CVE-2017-2276 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sony Wg-C10 Firmware 3.0.79 | 7.2
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
network | low complexity | sony | CWE-119

2017-07-22 | CVE-2017-2275 | OS Command Injection vulnerability in Sony Wg-C10 Firmware 3.0.79 | 7.2
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
network | low complexity | sony | CWE-78

2017-07-22 | CVE-2017-2273 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalo Wmr-433 Firmware and Wmr-433W Firmware | 8.8
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network | low complexity | buffalo | CWE-352