Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2017-1224 Inadequate Encryption Strength vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2017-07-19 CVE-2017-1218 Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-07-19 CVE-2016-7507 Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi 0.90.4
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.
network
low complexity
glpi-project CWE-352
8.0
2017-07-19 CVE-2017-11456 Path Traversal vulnerability in Geneko products
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
network
low complexity
geneko CWE-22
7.5
2017-07-19 CVE-2017-11450
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
network
low complexity
imagemagick debian
8.8
2017-07-19 CVE-2017-11449 Unspecified vulnerability in Imagemagick
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
network
low complexity
imagemagick
8.8
2017-07-19 CVE-2017-9245 Information Exposure vulnerability in Google News and Weather
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
network
low complexity
google CWE-200
7.5
2017-07-18 CVE-2017-11411 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory.
network
low complexity
wireshark CWE-20
7.5
2017-07-18 CVE-2017-11410 Infinite Loop vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
2017-07-18 CVE-2017-11409 Excessive Iteration vulnerability in multiple products
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop.
network
low complexity
wireshark debian CWE-834
7.5