Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab: GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
2017-08-14 | CVE-2017-12853 | Cross-Site Request Forgery (CSRF) vulnerability in Rtsindia Rwr-3G-100 Firmware 1.0.56: The RealTime RWR-3G-100 Router Firmware Version: Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | 8.8 |
2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of the admin by altering form data. | 8.8 |
2017-08-14 | CVE-2017-12850 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of other users (including the admin) by altering form data. | 8.8 |
2017-08-14 | CVE-2017-11156 | Incorrect Permission Assignment for Critical Resource vulnerability in Synology Download Station: Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | 7.8 |
2017-08-14 | CVE-2017-11150 | OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506: Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | 7.8 |
2017-08-14 | CVE-2017-9661 | Uncontrolled Search Path Element vulnerability in Simplight Scada 4.3.0.27: An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. | 7.0 |
2017-08-14 | CVE-2017-9660 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0: A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. | 8.8 |
2017-08-14 | CVE-2017-9659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0: A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. | 8.8 |
2017-08-14 | CVE-2017-9648 | Uncontrolled Search Path Element vulnerability in Solarcontrols Wattconfig M 2.5.10.1: An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. | 7.8 |