Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2017-14729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
local
low complexity
gnu CWE-119
7.8
2017-09-25 CVE-2017-1362 Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2017-09-25 CVE-2017-14683 Cross-Site Request Forgery (CSRF) vulnerability in Geminabox Project Geminabox
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
network
low complexity
geminabox-project CWE-352
8.8
2017-09-23 CVE-2017-14727 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
network
low complexity
weechat CWE-119
7.5
2017-09-23 CVE-2017-14722 Path Traversal vulnerability in Wordpress
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
network
low complexity
wordpress CWE-22
7.5
2017-09-23 CVE-2017-14719 Path Traversal vulnerability in Wordpress
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
network
low complexity
wordpress CWE-22
7.5
2017-09-23 CVE-2017-14627 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cyberlink Labelprint 2.5
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
local
low complexity
cyberlink CWE-119
7.8
2017-09-22 CVE-2017-14694 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".
local
low complexity
foxitsoftware CWE-119
7.8
2017-09-22 CVE-2017-14705 OS Command Injection vulnerability in Denyall I-Suite and web Application Firewall
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php.
network
high complexity
denyall CWE-78
8.1
2017-09-22 CVE-2017-6277 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
local
low complexity
nvidia CWE-20
7.8