Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-16 CVE-2017-12316 Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229)
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit.
network
low complexity
cisco CWE-307
7.5
2017-11-16 CVE-2017-12314 Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading.
local
low complexity
cisco CWE-427
7.8
2017-11-16 CVE-2017-14034 Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
network
low complexity
libbpg-project CWE-125
8.8
2017-11-16 CVE-2017-13136 Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
network
low complexity
libbpg-project CWE-190
8.8
2017-11-16 CVE-2017-13135 NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
local
low complexity
libbpg-project CWE-476
7.8
2017-11-16 CVE-2017-16837 Improper Input Validation vulnerability in Trusted Boot Project Trusted Boot 1.9.6
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
local
low complexity
trusted-boot-project CWE-20
7.8
2017-11-16 CVE-2017-16834 Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
local
low complexity
pnp4nagios CWE-732
7.8
2017-11-15 CVE-2017-15115 Use After Free vulnerability in multiple products
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux debian suse canonical CWE-416
7.8
2017-11-15 CVE-2014-3150 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript.
network
low complexity
orange CWE-254
8.8
2017-11-15 CVE-2017-15923 Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
network
low complexity
konversation debian
7.5