Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-17785 | Out-of-bounds Write vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | 7.8 |
| 2017-12-20 | CVE-2017-17784 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | 7.8 |
| 2017-12-20 | CVE-2017-17783 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | 7.5 |
| 2017-12-20 | CVE-2017-17782 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | 8.8 |
| 2017-12-20 | CVE-2017-17774 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2 admin/configuration.php in Piwigo 2.9.2 has CSRF. | 8.8 |
| 2017-12-19 | CVE-2017-17763 | Missing Encryption of Sensitive Data vulnerability in Liveqos Superbeam SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | 7.5 |
| 2017-12-19 | CVE-2017-17088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. | 7.5 |
| 2017-12-19 | CVE-2017-15049 | OS Command Injection vulnerability in Zoom The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |
| 2017-12-19 | CVE-2017-15048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 8.8 |
| 2017-12-19 | CVE-2017-17758 | OS Command Injection vulnerability in Tp-Link products TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | 8.8 |