Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-01 | CVE-2017-10848 | Untrusted Search Path vulnerability in Fujixerox Docuworks and Docuworks Viewer Light: Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2017-09-01 | CVE-2017-10829 | Untrusted Search Path vulnerability in NTT Enkaku Support Tool: Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2017-09-01 | CVE-2017-14103 | Use After Free vulnerability in Graphicsmagick 1.3.26: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. | 8.8 |
2017-09-01 | CVE-2017-13711 | Use After Free vulnerability in multiple products: Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 7.5 |
2017-09-01 | CVE-2017-13674 | Unspecified vulnerability in Symantec Proxyclient 3.4: Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. | 7.8 |
2017-09-01 | CVE-2017-12869 | Improper Input Validation vulnerability in multiple products: The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 7.5 |
2017-09-01 | CVE-2017-14102 | Improper Initialization vulnerability in Mimedefang 2.80: MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 7.8 |
2017-08-31 | CVE-2015-5958 | OS Command Injection vulnerability in PHPfilemanager Project PHPfilemanager 0.9.8: phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | 8.8 |
2017-08-31 | CVE-2014-8675 | Information Exposure vulnerability in Soplanning: Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | 7.5 |
2017-08-31 | CVE-2016-5795 | XXE vulnerability in multiple products: An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. | 7.3 |