Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-25 | CVE-2017-14729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 7.8 |
2017-09-25 | CVE-2017-1362 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0 IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
2017-09-25 | CVE-2017-14683 | Cross-Site Request Forgery (CSRF) vulnerability in Geminabox Project Geminabox geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 8.8 |
2017-09-23 | CVE-2017-14727 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 7.5 |
2017-09-23 | CVE-2017-14722 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 7.5 |
2017-09-23 | CVE-2017-14719 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 7.5 |
2017-09-23 | CVE-2017-14627 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cyberlink Labelprint 2.5 Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. | 7.8 |
2017-09-22 | CVE-2017-14694 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013 Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | 7.8 |
2017-09-22 | CVE-2017-14705 | OS Command Injection vulnerability in Denyall I-Suite and web Application Firewall DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. | 8.1 |
2017-09-22 | CVE-2017-6277 | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 7.8 |