Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-31 CVE-2017-1227 Allocation of Resources Without Limits or Throttling vulnerability in IBM Bigfix Platform 9.1/9.2/9.5
IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system.
network
low complexity
ibm CWE-770
7.5
2017-07-31 CVE-2016-9716 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-07-31 CVE-2016-9714 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-07-31 CVE-2017-11760 Code Injection vulnerability in Projeqtor
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
network
low complexity
projeqtor CWE-94
8.8
2017-07-31 CVE-2017-11670 Out-of-bounds Write vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function.
network
low complexity
eapmd5pass-project CWE-787
7.5
2017-07-31 CVE-2017-11669 Out-of-bounds Read vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets.
network
low complexity
eapmd5pass-project CWE-125
7.5
2017-07-31 CVE-2017-11668 Out-of-bounds Read vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets.
network
low complexity
eapmd5pass-project CWE-125
7.5
2017-07-31 CVE-2017-11116 Out-of-bounds Read vulnerability in Openexif Project Openexif 2.1.4
The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file.
local
low complexity
openexif-project CWE-125
7.8
2017-07-31 CVE-2017-9522 Unspecified vulnerability in Spectrum Tc8717T Firmware
The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame.
network
low complexity
spectrum
7.5
2017-07-31 CVE-2017-9492 Information Exposure vulnerability in multiple products
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
network
low complexity
cisco commscope CWE-200
7.5