Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS base score) |
---|---|---|---|---|
2017-04-20 | CVE-2016-5409 | Information Exposure vulnerability in Red Hat OpenShift 2.0 | Red Hat OpenShift Enterprise 2 does not include the HttpOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | 7.5 |
2017-04-20 | CVE-2016-4650 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 7.8 |
2017-04-20 | CVE-2016-4293 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Office 2014 9.1.0.2176 | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | 7.8 |
2017-04-20 | CVE-2017-7692 | Improper Input Validation vulnerability in SquirrelMail 1.4.22 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. | 8.8 |
2017-04-20 | CVE-2017-7283 | Improper Input Validation vulnerability in Unitrends Enterprise Backup | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | 8.8 |
2017-04-20 | CVE-2017-6919 | Unspecified vulnerability in Drupal | Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. | 7.5 |
2017-04-19 | CVE-2017-7979 | Improper Input Validation vulnerability in Linux Kernel 4.11 | The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. | 7.8 |
2017-04-19 | CVE-2017-7978 | Information Exposure vulnerability in Samsung Mobile | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. | 7.5 |
2017-04-19 | CVE-2017-7976 | Integer Overflow or Wraparound vulnerability in Artifex jbig2dec 0.13 | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. | 7.1 |
2017-04-19 | CVE-2013-7463 | Use of Insufficiently Random Values vulnerability in Aescrypt Project Aescrypt 1.0.0 | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. | 7.5 |
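The CVE-2013-7463 entry above (aescrypt gem, non-random CBC IV) is worth seeing concretely. The following is an added example written for this page, not the aescrypt gem's own code: it uses Ruby's OpenSSL binding with a constant all-zero IV as a stand-in for any IV that does not change between messages, shows that encryption then becomes deterministic, and shows how an attacker who can obtain encryptions of chosen plaintexts under the same key confirms a guess about another ciphertext. The key, the `balance=...` secret and the guess list are all constructed for the demonstration; the per-message random IV variant beside it is the standard fix.

```ruby
require 'openssl'

# Added example, not the aescrypt gem's code. A CBC IV that never changes
# (here: all zero bytes, standing in for any key-derived or constant IV)
# makes encryption deterministic, which a chosen-plaintext attacker exploits
# by comparing ciphertexts of guesses against the target ciphertext.

CIPHER = 'AES-256-CBC'
BLOCK  = 16

def cbc_encrypt(key, iv, plaintext)
  c = OpenSSL::Cipher.new(CIPHER)
  c.encrypt
  c.key = key
  c.iv = iv
  c.update(plaintext) + c.final
end

def cbc_decrypt(key, iv, ciphertext)
  c = OpenSSL::Cipher.new(CIPHER)
  c.decrypt
  c.key = key
  c.iv = iv
  c.update(ciphertext) + c.final
end

# Weak construction: the same IV for every message under the key.
FIXED_IV = ("\x00" * BLOCK).b

def encrypt_fixed_iv(key, plaintext)
  cbc_encrypt(key, FIXED_IV, plaintext)
end

# Hardened construction: a fresh random IV per message, transmitted in front
# of the ciphertext. The IV need not be secret, only unpredictable.
def encrypt_random_iv(key, plaintext)
  iv = OpenSSL::Random.random_bytes(BLOCK)
  iv + cbc_encrypt(key, iv, plaintext)
end

def decrypt_random_iv(key, blob)
  cbc_decrypt(key, blob[0, BLOCK], blob[BLOCK..-1])
end

# Attacker's oracle query: does the first ciphertext block of +target_ct+
# equal the encryption of +guess+? With a fixed IV the first block depends
# only on the key and the first plaintext block, so this test is exact.
def first_block_matches?(key, guess, target_ct)
  encrypt_fixed_iv(key, guess)[0, BLOCK] == target_ct[0, BLOCK]
end

# True when encrypting the same plaintext twice yields the same bytes.
def deterministic?(key, plaintext, &encrypt)
  encrypt.call(key, plaintext) == encrypt.call(key, plaintext)
end

if __FILE__ == $0
  key    = OpenSSL::Random.random_bytes(32)
  secret = 'balance=1000000' # constructed secret value (15 bytes, one padded block)
  ct     = encrypt_fixed_iv(key, secret)
  puts "fixed IV deterministic:  #{deterministic?(key, secret) { |k, p| encrypt_fixed_iv(k, p) }}"
  puts "random IV deterministic: #{deterministic?(key, secret) { |k, p| encrypt_random_iv(k, p) }}"
  hit = %w[balance=1 balance=5 balance=1000000].find { |g| first_block_matches?(key, g, ct) }
  puts "attacker's confirmed guess: #{hit.inspect}"
  puts "random-IV roundtrip ok: #{decrypt_random_iv(key, encrypt_random_iv(key, secret)) == secret}"
end
```

The guess check only compares the first block, which is enough to expose low-entropy fields (balances, flags, short identifiers) whenever the attacker can get the same key to encrypt inputs of their choosing; with a controllable prefix the same idea extends to later blocks. Note that a random IV alone gives confidentiality against this attack but no integrity; pair CBC with a MAC or use an AEAD mode if ciphertexts can be tampered with.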
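For the CVE-2016-5409 entry (GEARID cookie set without HttpOnly), the practical check is to audit Set-Cookie headers as they leave the application. The Ruby below is an added example, not OpenShift's code: it parses Set-Cookie header values, reports cookies missing HttpOnly or Secure, and runs over constructed sample headers whose cookie values are made up (only the GEARID name comes from the advisory).

```ruby
# Added example, not OpenShift's code: audit Set-Cookie headers for the
# HttpOnly and Secure attributes, as a scanner or response middleware would.

# Parse one Set-Cookie header value into its name and the two attributes
# we care about. Attribute names are case-insensitive (RFC 6265).
def parse_set_cookie(header_value)
  parts = header_value.split(';').map(&:strip)
  name  = parts.shift.to_s.split('=', 2).first
  attrs = parts.map { |p| p.split('=', 2).first.downcase }
  { name: name, httponly: attrs.include?('httponly'), secure: attrs.include?('secure') }
end

# One finding per cookie that lacks HttpOnly or Secure; fully-flagged cookies
# produce no finding.
def audit_cookies(set_cookie_headers)
  set_cookie_headers.map { |h| parse_set_cookie(h) }.map do |c|
    missing = []
    missing << 'HttpOnly' unless c[:httponly]
    missing << 'Secure'   unless c[:secure]
    { name: c[:name], missing: missing } unless missing.empty?
  end.compact
end

# Constructed sample headers (cookie values are made up). The first line
# reproduces the CVE-2016-5409 pattern: a session-identifying cookie with
# no HttpOnly flag, so page scripts can read it.
SAMPLE_HEADERS = [
  'GEARID=9f1c2e7a; Path=/',
  'JSESSIONID=A1B2C3; Path=/; Secure; HttpOnly',
  'csrftoken=d4e5f6; Path=/; Secure'
].freeze

if __FILE__ == $0
  audit_cookies(SAMPLE_HEADERS).each do |f|
    puts "#{f[:name]}: missing #{f[:missing].join(', ')}"
  end
end
```

In a Rack application the fix on the emitting side is to set the flags when the cookie is created, e.g. `response.set_cookie('GEARID', value: gear_id, httponly: true, secure: true)`. Triage the findings rather than failing on every one: a cookie that JavaScript is meant to read (a double-submit CSRF token, for instance) legitimately lacks HttpOnly, whereas a session identifier like GEARID never should.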