Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12316 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229) A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 7.5 |
| 2017-11-16 | CVE-2017-12314 | Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. | 7.8 |
| 2017-11-16 | CVE-2017-14034 | Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7 The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | 8.8 |
| 2017-11-16 | CVE-2017-13136 | Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7 The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | 8.8 |
| 2017-11-16 | CVE-2017-13135 | NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7 A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | 7.8 |
| 2017-11-16 | CVE-2017-16837 | Improper Input Validation vulnerability in Trusted Boot Project Trusted Boot 1.9.6 Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | 7.8 |
| 2017-11-16 | CVE-2017-16834 | Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | 7.8 |
| 2017-11-15 | CVE-2017-15115 | Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-11-15 | CVE-2014-3150 | 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | 8.8 |
| 2017-11-15 | CVE-2017-15923 | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | 7.5 |