Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-03 | CVE-2017-16522 | Incorrect Default Permissions vulnerability in Mitrastar Dsl-100Hn-T1 Firmware and Gpt-2541Gnac Firmware MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | 8.8 |
| 2017-11-03 | CVE-2017-16516 | Use of Externally-Controlled Format String vulnerability in multiple products In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. | 7.5 |
| 2017-11-03 | CVE-2017-16513 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ipswitch WS FTP Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. | 7.8 |
| 2017-11-03 | CVE-2017-16237 | Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.39 In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. | 7.8 |
| 2017-11-02 | CVE-2017-11508 | SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2 SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. | 8.8 |
| 2017-11-02 | CVE-2017-12281 | Improper Authentication vulnerability in Cisco products A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. | 7.5 |
| 2017-11-02 | CVE-2017-12280 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |
| 2017-11-02 | CVE-2017-12277 | Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. | 8.8 |
| 2017-11-02 | CVE-2017-12276 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 8.1 |
| 2017-11-02 | CVE-2017-12275 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.4 |