Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-14 | CVE-2017-8930 | Cross-Site Request Forgery (CSRF) vulnerability in Simpleinvoices Simple Invoices 2013.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | 8.8 |
| 2017-05-14 | CVE-2017-8929 | Use After Free vulnerability in Virustotal Yara 3.5.0 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | 7.5 |
| 2017-05-14 | CVE-2017-8928 | Cross-Site Request Forgery (CSRF) vulnerability in Mailcow Mailcow: Dockerized 0.14 mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | 8.8 |
| 2017-05-14 | CVE-2017-7487 | Use After Free vulnerability in multiple products The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. | 7.8 |
| 2017-05-12 | CVE-2017-5654 | XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0 In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 7.5 |
| 2017-05-12 | CVE-2017-8246 | Use After Free vulnerability in Google Android In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. | 7.8 |
| 2017-05-12 | CVE-2017-8245 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | 7.8 |
| 2017-05-12 | CVE-2017-8244 | Race Condition vulnerability in Google Android In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. | 7.0 |
| 2017-05-12 | CVE-2016-10331 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | 7.5 |
| 2017-05-12 | CVE-2016-10330 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | 7.1 |