Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-31 | CVE-2017-1227 | Allocation of Resources Without Limits or Throttling vulnerability in IBM Bigfix Platform 9.1/9.2/9.5 IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. | 7.5 |
| 2017-07-31 | CVE-2016-9716 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-31 | CVE-2016-9714 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-31 | CVE-2017-11760 | Code Injection vulnerability in Projeqtor uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | 8.8 |
| 2017-07-31 | CVE-2017-11670 | Out-of-bounds Write vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4 A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. | 7.5 |
| 2017-07-31 | CVE-2017-11669 | Out-of-bounds Read vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4 An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. | 7.5 |
| 2017-07-31 | CVE-2017-11668 | Out-of-bounds Read vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4 An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. | 7.5 |
| 2017-07-31 | CVE-2017-11116 | Out-of-bounds Read vulnerability in Openexif Project Openexif 2.1.4 The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file. | 7.8 |
| 2017-07-31 | CVE-2017-9522 | Unspecified vulnerability in Spectrum Tc8717T Firmware The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame. | 7.5 |
| 2017-07-31 | CVE-2017-9492 | Information Exposure vulnerability in multiple products The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 7.5 |