Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-15 | CVE-2017-15923 | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | 7.5 |
2017-11-15 | CVE-2017-15806 | Code Injection vulnerability in Zetacomponents Mail: The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 8.1 |
2017-11-15 | CVE-2017-15288 | Incorrect Permission Assignment for Critical Resource vulnerability in Scala-Lang Scala: The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | 7.8 |
2017-11-15 | CVE-2017-14961 | Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7: In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | 7.8 |
2017-11-15 | CVE-2014-4000 | Code Injection vulnerability in Cacti: Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | 8.8 |
2017-11-15 | CVE-2017-8815 | Improper Input Validation vulnerability in multiple products: The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | 7.5 |
2017-11-15 | CVE-2017-8814 | Improper Input Validation vulnerability in multiple products: The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | 7.5 |
2017-11-15 | CVE-2017-8810 | Information Exposure vulnerability in multiple products: MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | 7.5 |
2017-11-15 | CVE-2017-7851 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L: D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 |
2017-11-15 | CVE-2017-16832 | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1: The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | 7.8 |