Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-17785 Out-of-bounds Write vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
local
low complexity
gimp debian canonical CWE-787
7.8
2017-12-20 CVE-2017-17784 Out-of-bounds Read vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
local
low complexity
gimp debian canonical CWE-125
7.8
2017-12-20 CVE-2017-17783 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
network
high complexity
graphicsmagick debian CWE-125
7.5
2017-12-20 CVE-2017-17782 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-20 CVE-2017-17774 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2
admin/configuration.php in Piwigo 2.9.2 has CSRF.
network
low complexity
piwigo CWE-352
8.8
2017-12-19 CVE-2017-17763 Missing Encryption of Sensitive Data vulnerability in Liveqos Superbeam
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.
network
high complexity
liveqos CWE-311
7.5
2017-12-19 CVE-2017-17088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability.
network
low complexity
flexense CWE-119
7.5
2017-12-19 CVE-2017-15049 OS Command Injection vulnerability in Zoom
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
network
low complexity
zoom CWE-78
8.8
2017-12-19 CVE-2017-15048 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
network
low complexity
zoom CWE-119
8.8
2017-12-19 CVE-2017-17758 OS Command Injection vulnerability in Tp-Link products
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.
network
low complexity
tp-link CWE-78
8.8