Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-29 | CVE-2017-9300 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | 7.8 |
2017-05-29 | CVE-2016-10379 | SQL Injection vulnerability in Virtuemart 3.0.14 The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | 7.2 |
2017-05-29 | CVE-2016-10378 | SQL Injection vulnerability in E107 2.1.1 e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | 7.2 |
2017-05-29 | CVE-2017-7917 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 8.8 |
2017-05-29 | CVE-2016-10377 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvswitch 2.5.0 In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. | 8.8 |
2017-05-28 | CVE-2017-9250 | NULL Pointer Dereference vulnerability in Jerryscript 1.0 The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | 7.5 |
2017-05-28 | CVE-2017-7295 | Use After Free vulnerability in Contiki-Os Contiki 3.0 An issue was discovered in Contiki Operating System 3.0. | 7.5 |
2017-05-27 | CVE-2017-7731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 7.5 |
2017-05-27 | CVE-2017-7338 | Information Exposure vulnerability in Fortinet Fortiportal A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | 7.5 |
2017-05-27 | CVE-2017-3134 | Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | 7.2 |