Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-24 | CVE-2017-9833 | Path Traversal vulnerability in BOA 0.94.14.21: /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. | 7.5 |
2017-06-23 | CVE-2017-9829 | Path Traversal vulnerability in Vivotek products: '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. | 7.5 |
2017-06-23 | CVE-2017-1347 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2: IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. | 8.8 |
2017-06-22 | CVE-2017-9776 | Integer Overflow or Wraparound vulnerability in multiple products: Integer overflow leading to heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
2017-06-22 | CVE-2017-0897 | Insufficient Entropy vulnerability in ExpressionEngine: ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. | 7.5 |
2017-06-22 | CVE-2017-0176 | Classic Buffer Overflow vulnerability in Microsoft Windows Server 2003 and Windows XP: A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled. | 8.1 |
2017-06-22 | CVE-2017-3629 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Oracle Solaris 10/11: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 7.8 |
2017-06-21 | CVE-2017-4988 | Unspecified vulnerability in EMC Isilon OneFS: EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | 7.2 |
2017-06-21 | CVE-2017-3219 | Insufficient Verification of Data Authenticity vulnerability in Acronis True Image 2016/2017: Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. | 8.8 |
2017-06-21 | CVE-2017-3218 | Insufficient Verification of Data Authenticity vulnerability in Samsung Magician 5.0: Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. | 8.8 |