Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5054 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5052 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | 8.8 |
| 2017-10-26 | CVE-2017-5996 | Untrusted Search Path vulnerability in Beyondtrust Remote Support The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | 7.8 |
| 2017-10-26 | CVE-2017-3771 | Unspecified vulnerability in Lenovo products System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | 7.5 |
| 2017-10-26 | CVE-2017-12160 | Improper Authentication vulnerability in Redhat Keycloak It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. | 7.2 |
| 2017-10-26 | CVE-2017-12159 | Insufficient Session Expiration vulnerability in multiple products It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. | 7.5 |
| 2017-10-26 | CVE-2017-15908 | Infinite Loop vulnerability in multiple products In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | 7.5 |
| 2017-10-26 | CVE-2017-7341 | OS Command Injection vulnerability in Fortinet Fortiwlc An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | 7.2 |
| 2017-10-26 | CVE-2017-15882 | Resource Exhaustion vulnerability in Londontrustmedia Private Internet Access The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. | 7.5 |
| 2017-10-25 | CVE-2017-12705 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webop A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. | 7.8 |