Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-29 CVE-2017-9300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
local
low complexity
videolan CWE-119
7.8
2017-05-29 CVE-2016-10379 SQL Injection vulnerability in Virtuemart 3.0.14
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
network
low complexity
virtuemart CWE-89
7.2
2017-05-29 CVE-2016-10378 SQL Injection vulnerability in E107 2.1.1
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
network
low complexity
e107 CWE-89
7.2
2017-05-29 CVE-2017-7917 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.
network
low complexity
moxa CWE-352
8.8
2017-05-29 CVE-2016-10377 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvswitch 2.5.0
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
low complexity
openvswitch CWE-119
8.8
2017-05-28 CVE-2017-9250 NULL Pointer Dereference vulnerability in Jerryscript 1.0
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
network
low complexity
jerryscript CWE-476
7.5
2017-05-28 CVE-2017-7295 Use After Free vulnerability in Contiki-Os Contiki 3.0
An issue was discovered in Contiki Operating System 3.0.
network
low complexity
contiki-os CWE-416
7.5
2017-05-27 CVE-2017-7731 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
network
low complexity
fortinet CWE-640
7.5
2017-05-27 CVE-2017-7338 Information Exposure vulnerability in Fortinet Fortiportal
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
network
low complexity
fortinet CWE-200
7.5
2017-05-27 CVE-2017-3134 Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.
network
low complexity
fortinet CWE-20
7.2