Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-21 | CVE-2017-9115 | Unspecified vulnerability in Openexr 2.2.0 | In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. | 8.8 |
2017-05-21 | CVE-2017-9113 | Unspecified vulnerability in Openexr 2.2.0 | In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. | 8.8 |
2017-05-21 | CVE-2017-9111 | Unspecified vulnerability in Openexr 2.2.0 | In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. | 8.8 |
2017-05-21 | CVE-2014-9970 | Information Exposure vulnerability in Jasypt Project Jasypt | jasypt before 1.9.2 allows a timing attack against the password hash comparison. | 7.5 |
2017-05-21 | CVE-2017-9046 | Improper Input Validation vulnerability in Pmail Pegasus 4.72 | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. | 7.3 |
2017-05-21 | CVE-2017-9024 | Path Traversal vulnerability in Secure-Bytes Secure Cisco Auditor 3.0 | Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | 7.5 |
2017-05-21 | CVE-2017-9100 | Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04 | login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | 8.8 |
2017-05-19 | CVE-2017-9098 | Use of Uninitialized Resource vulnerability in multiple products | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. | 7.5 |
2017-05-19 | CVE-2017-9091 | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | 7.5 |
2017-05-19 | CVE-2017-9090 | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | 7.5 |