Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-11367 Out-of-bounds Read vulnerability in Shoco Project Shoco 20170717
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.
network
low complexity
shoco-project CWE-125
7.5
2017-07-17 CVE-2017-8004 Improper Input Validation vulnerability in multiple products
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code.
network
low complexity
emc rsa CWE-20
7.2
2017-07-17 CVE-2017-9951 Unspecified vulnerability in Memcached
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read.
network
low complexity
memcached
7.5
2017-07-17 CVE-2017-9814 Out-of-bounds Read vulnerability in multiple products
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
network
low complexity
cairographics opensuse CWE-125
7.5
2017-07-17 CVE-2017-7688 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
network
low complexity
apache
7.5
2017-07-17 CVE-2017-7684 Resource Exhaustion vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded.
network
low complexity
apache CWE-400
7.5
2017-07-17 CVE-2017-7683 Information Exposure vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
network
low complexity
apache CWE-200
7.5
2017-07-17 CVE-2017-7682 Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
network
low complexity
apache
8.2
2017-07-17 CVE-2017-7681 SQL Injection vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection.
network
low complexity
apache CWE-89
8.8
2017-07-17 CVE-2017-7680 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file.
network
low complexity
apache
7.5