Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-20 | CVE-2015-8285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quickheal Total Security 16.00 The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-04-20 | CVE-2017-5156 | Cross-Site Request Forgery (CSRF) vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2 A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. | 8.8 |
| 2017-04-20 | CVE-2017-2784 | Improper Certificate Validation vulnerability in ARM Mbed TLS An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. | 8.1 |
| 2017-04-20 | CVE-2016-4862 | Improper Input Validation vulnerability in Cs-Cart Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | 8.8 |
| 2017-04-20 | CVE-2016-4850 | Improper Access Control vulnerability in Linecorp Line 4.3.0.724/4.7.0/4.8.2.1125 LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |
| 2017-04-20 | CVE-2016-1218 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 8.8 |
| 2017-04-20 | CVE-2016-6337 | Improper Access Control vulnerability in Mediawiki 1.27.0 MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | 7.5 |
| 2017-04-20 | CVE-2016-6335 | Information Exposure vulnerability in Mediawiki MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | 7.5 |
| 2017-04-20 | CVE-2016-6332 | Information Exposure vulnerability in Mediawiki MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. | 7.5 |
| 2017-04-20 | CVE-2016-6331 | Improper Access Control vulnerability in Mediawiki ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | 7.5 |