Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-04 | CVE-2017-17114 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ikarussecurity Anti.Virus 2.16.15 ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request. | 7.8 |
| 2017-12-04 | CVE-2017-17112 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ikarussecurity Anti.Virus 2.16.15 ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request. | 7.8 |
| 2017-12-04 | CVE-2017-17104 | Information Exposure vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | 7.5 |
| 2017-12-04 | CVE-2017-17103 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. | 8.8 |
| 2017-12-04 | CVE-2017-17102 | SQL Injection vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | 7.5 |
| 2017-12-03 | CVE-2017-17099 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.1.16 There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. | 7.8 |
| 2017-12-03 | CVE-2017-8823 | Use After Free vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | 8.1 |
| 2017-12-03 | CVE-2017-8821 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. | 7.5 |
| 2017-12-03 | CVE-2017-8820 | NULL Pointer Dereference vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | 7.5 |
| 2017-12-03 | CVE-2017-8819 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. | 7.5 |