Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-05 CVE-2017-14151 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain debian CWE-119
8.8
2017-09-05 CVE-2017-14149 NULL Pointer Dereference vulnerability in Embedthis Goahead
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
network
low complexity
embedthis CWE-476
7.5
2017-09-05 CVE-2017-14146 Code Injection vulnerability in Helpdezk 1.1.1
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
network
low complexity
helpdezk CWE-94
8.8
2017-09-05 CVE-2017-1000083 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
local
low complexity
gnome debian redhat
7.8
2017-09-04 CVE-2017-14137 Resource Exhaustion vulnerability in Imagemagick 7.0.65
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
network
low complexity
imagemagick CWE-400
7.5
2017-09-04 CVE-2017-14123 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Firewall Analyzer 12.2
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section.
network
low complexity
zohocorp CWE-434
8.8
2017-09-03 CVE-2017-14120 Path Traversal vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
network
low complexity
rarlab debian CWE-22
7.5
2017-09-03 CVE-2017-14119 OS Command Injection vulnerability in Eyesofnetwork 5.10
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
network
low complexity
eyesofnetwork CWE-78
8.8
2017-09-03 CVE-2017-14118 OS Command Injection vulnerability in Eyesofnetwork 5.10
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
network
low complexity
eyesofnetwork CWE-78
8.8
2017-09-03 CVE-2017-14116 Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
network
high complexity
att CWE-798
8.1