Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-09 | CVE-2015-2313 | Resource Exhaustion vulnerability in Capnproto Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. | 7.5 |
| 2017-08-09 | CVE-2015-2312 | Resource Exhaustion vulnerability in Capnproto Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements. | 7.5 |
| 2017-08-09 | CVE-2015-2291 | Improper Input Validation vulnerability in Intel products (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | 7.8 |
| 2017-08-09 | CVE-2015-0785 | Information Exposure vulnerability in Novell Zenworks Configuration Management com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | 7.5 |
| 2017-08-09 | CVE-2015-0784 | Information Exposure vulnerability in Novell Zenworks Configuration Management Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | 7.5 |
| 2017-08-09 | CVE-2017-9370 | Improper Authentication vulnerability in Blackberry Workspaces An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | 8.8 |
| 2017-08-09 | CVE-2015-7764 | Insufficient Entropy vulnerability in Netflix Lemur 0.1.4 Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | 7.5 |
| 2017-08-09 | CVE-2015-4165 | Permissions, Privileges, and Access Controls vulnerability in Elasticsearch 1.5.2 The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | 7.5 |
| 2017-08-09 | CVE-2015-3405 | Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | 7.5 |
| 2017-08-09 | CVE-2017-12754 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asuswrt-Merlin Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. | 8.8 |