Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-29 | CVE-2017-16227 | Improper Input Validation vulnerability in multiple products | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | 7.5 |
2017-10-29 | CVE-2017-16000 | SQL Injection vulnerability in Eyesofnetwork 5.10 | SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | 7.2 |
2017-10-29 | CVE-2017-15998 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. | 7.5 |
2017-10-29 | CVE-2017-15997 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. | 7.8 |
2017-10-29 | CVE-2017-15996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29 | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. | 7.8 |
2017-10-29 | CVE-2017-15957 | Unrestricted Upload of File with Dangerous Type vulnerability in Ingenious School Management System Project Ingenious School Management System 2.3.0 | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | 8.8 |
2017-10-29 | CVE-2017-15956 | Improper Input Validation vulnerability in Converto Video Downloader & Converter Project Converto Video Downloader & Converter 1.4.1 | ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | 7.5 |
2017-10-28 | CVE-2017-15951 | Improper Input Validation vulnerability in Linux Kernel | The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | 7.8 |
2017-10-28 | CVE-2017-15949 | SQL Injection vulnerability in Angry-Frog Xavier 2.4 | Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | 7.2 |
2017-10-27 | CVE-2017-15945 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | 7.8 |