Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-07 | CVE-2015-7691 | Improper Input Validation vulnerability in multiple products. The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. | 7.5 |
2017-08-07 | CVE-2015-7571 | Unrestricted Upload of File with Dangerous Type vulnerability in Yeager CMS 1.2.1. Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | 7.8 |
2017-08-07 | CVE-2015-5946 | Incomplete Blacklist vulnerability in Sugarcrm 6.5.22. Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | 7.8 |
2017-08-07 | CVE-2014-9831 | Improper Access Control vulnerability in Imagemagick. coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | 8.8 |
2017-08-07 | CVE-2014-9830 | Improper Access Control vulnerability in Imagemagick. coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | 8.8 |
2017-08-07 | CVE-2014-9828 | Improper Access Control vulnerability in Imagemagick. coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | 8.8 |
2017-08-07 | CVE-2014-9827 | Improper Access Control vulnerability in Imagemagick. coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | 8.8 |
2017-08-07 | CVE-2014-3462 | Information Exposure vulnerability in multiple products. The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". | 7.5 |
2017-08-07 | CVE-2014-1235 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphviz 2.34.0. Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | 7.8 |
2017-08-07 | CVE-2017-12653 | Uncontrolled Search Path Element vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033/9.0.0.1202. 360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory. | 7.8 |