Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-12 | CVE-2017-10864 | Untrusted Search Path vulnerability in Hitachi-Solutions Confidential File Viewer: Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | local, low complexity, hitachi-solutions, CWE-426, 7.8 |
| 2017-10-12 | CVE-2017-10863 | Untrusted Search Path vulnerability in Hitachi-Solutions Confidential File Decryption: Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | local, low complexity, hitachi-solutions, CWE-426, 7.8 |
| 2017-10-12 | CVE-2017-9514 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo: Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. | network, low complexity, atlassian, CWE-732, 8.8 |
| 2017-10-12 | CVE-2017-15286 | NULL Pointer Dereference vulnerability in Sqlite 3.20.1: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | network, low complexity, sqlite, CWE-476, 7.5 |
| 2017-10-12 | CVE-2017-15285 | Improper Input Validation vulnerability in Qualiteam X-Cart: X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. | network, low complexity, qualiteam, CWE-20, 8.8 |
| 2017-10-12 | CVE-2017-15281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | network, low complexity, imagemagick canonical, CWE-119, 8.8 |
| 2017-10-11 | CVE-2017-8025 | Improper Input Validation vulnerability in EMC Archer GRC Platform 6.2.0.4: RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. | local, high complexity, emc, CWE-20, 7.4 |
| 2017-10-11 | CVE-2017-2888 | Integer Overflow or Wraparound vulnerability in multiple products: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. | network, low complexity, libsdl canonical debian, CWE-190, 8.8 |
| 2017-10-11 | CVE-2017-2887 | Out-of-bounds Write vulnerability in multiple products: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. | network, low complexity, libsdl debian, CWE-787, 8.8 |
| 2017-10-11 | CVE-2017-15264 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Irfanview 4.44: IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4." | local, low complexity, irfanview, CWE-119, 7.8 |