Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-29 | CVE-2017-2844 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37: In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. | 8.8 |
2017-06-29 | CVE-2017-3748 | Unspecified vulnerability in Google Android: On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). | 7.8 |
2017-06-29 | CVE-2017-5528 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco products: Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. | 8.8 |
2017-06-29 | CVE-2017-8613 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microsoft Azure Active Directory Connect 1.1.524.0: Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts, aka "Azure AD Connect Elevation of Privilege Vulnerability." | 8.1 |
2017-06-29 | CVE-2017-8579 | Improper Preservation of Permissions vulnerability in Microsoft Windows 10 and Windows Server 2016: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | 7.0 |
2017-06-29 | CVE-2017-8576 | Improper Initialization vulnerability in Microsoft Windows 10 and Windows Server 2016: The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | 7.0 |
2017-06-29 | CVE-2017-8558 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. | 7.8 |
2017-06-29 | CVE-2017-10671 | Out-of-bounds Write vulnerability in Sthttpd Project Sthttpd 2.27.1: Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. | 7.8 |
2017-06-29 | CVE-2016-10042 | Improper Access Control vulnerability in Arcadyan Swisscom Internet-Box Firmware: Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | 7.5 |
2017-06-28 | CVE-2017-7686 | Information Exposure vulnerability in Apache Ignite: Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. | 7.5 |