Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-21 CVE-2017-7523 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cygwin
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.
network
low complexity
cygwin CWE-119
7.5
2017-07-21 CVE-2017-1373 Unspecified vulnerability in IBM Tririga Application Platform
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to.
network
low complexity
ibm
8.8
2017-07-21 CVE-2017-1371 Unspecified vulnerability in IBM Tririga Application Platform
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to.
network
low complexity
ibm
8.8
2017-07-21 CVE-2017-1267 Improper Input Validation vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code.
network
low complexity
ibm CWE-20
7.5
2017-07-21 CVE-2017-9415 Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
network
high complexity
subsonic CWE-352
7.5
2017-07-21 CVE-2015-5300 7PK - Time and State vulnerability in multiple products
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
7.5
2017-07-21 CVE-2015-5219 Incorrect Type Conversion or Cast vulnerability in multiple products
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
7.5
2017-07-21 CVE-2015-5195 Improper Input Validation vulnerability in multiple products
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
network
low complexity
fedoraproject redhat debian canonical ntp CWE-20
7.5
2017-07-21 CVE-2015-5194 Improper Input Validation vulnerability in multiple products
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
7.5
2017-07-21 CVE-2015-4639 Cross-Site Request Forgery (CSRF) vulnerability in Koha
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
network
low complexity
koha CWE-352
8.8