Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-05 | CVE-2017-14151 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-09-05 | CVE-2017-14149 | NULL Pointer Dereference vulnerability in Embedthis Goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | 7.5 |
| 2017-09-05 | CVE-2017-14146 | Code Injection vulnerability in Helpdezk 1.1.1 HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | 8.8 |
| 2017-09-05 | CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 7.8 |
| 2017-09-04 | CVE-2017-14137 | Resource Exhaustion vulnerability in Imagemagick 7.0.65 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 7.5 |
| 2017-09-04 | CVE-2017-14123 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Firewall Analyzer 12.2 Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. | 8.8 |
| 2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 7.5 |
| 2017-09-03 | CVE-2017-14119 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | 8.8 |
| 2017-09-03 | CVE-2017-14118 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | 8.8 |
| 2017-09-03 | CVE-2017-14116 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | 8.1 |