Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-10 | CVE-2017-12969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avaya IP Office Contact Center Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 8.8 |
| 2017-11-09 | CVE-2017-16757 | Incorrect Permission Assignment for Critical Resource vulnerability in Hola VPN 1.34 Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | 7.8 |
| 2017-11-09 | CVE-2017-16651 | Files or Directories Accessible to External Parties vulnerability in multiple products Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. | 7.8 |
| 2017-11-09 | CVE-2017-16674 | Unspecified vulnerability in Datto Windows Agent 1.0.5.0 Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. high complexity datto | 8.0 |
| 2017-11-09 | CVE-2017-16671 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. | 8.8 |
| 2017-11-09 | CVE-2017-16669 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | 8.8 |
| 2017-11-08 | CVE-2017-11512 | Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. | 7.5 |
| 2017-11-08 | CVE-2017-11511 | Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. | 7.5 |
| 2017-11-08 | CVE-2017-15865 | Information Exposure vulnerability in Frrouting bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). | 7.5 |
| 2017-11-08 | CVE-2017-15087 | Unspecified vulnerability in Redhat Gluster Storage 3.3 It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 7.5 |