Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-01 CVE-2017-11133 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop.
network
low complexity
stashcat CWE-327
7.5
2017-08-01 CVE-2017-11132 Improper Certificate Validation vulnerability in Heinekingmedia Stashcat
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android.
network
low complexity
heinekingmedia CWE-295
7.5
2017-08-01 CVE-2017-11130 Insufficient Verification of Data Authenticity vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop.
network
high complexity
stashcat CWE-345
8.1
2017-08-01 CVE-2017-12067 Out-of-bounds Read vulnerability in Potrace Project Potrace 1.14
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.
network
low complexity
potrace-project CWE-125
7.5
2017-08-01 CVE-2017-12064 Improper Encoding or Escaping of Output vulnerability in Open-Emr Openemr 5.0.0
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.
network
low complexity
open-emr CWE-116
7.5
2017-07-31 CVE-2017-11726 Cross-Site Request Forgery (CSRF) vulnerability in Connectwise Manage 2017.5
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
network
low complexity
connectwise CWE-352
8.8
2017-07-31 CVE-2017-11648 Cross-Site Request Forgery (CSRF) vulnerability in Techroutes TR 1803-3G Firmware 2.4.25
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
network
low complexity
techroutes CWE-352
8.8
2017-07-31 CVE-2017-1460 Improper Input Validation vulnerability in IBM I
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin.
network
low complexity
ibm CWE-20
7.5
2017-07-31 CVE-2017-1227 Allocation of Resources Without Limits or Throttling vulnerability in IBM Bigfix Platform 9.1/9.2/9.5
IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system.
network
low complexity
ibm CWE-770
7.5
2017-07-31 CVE-2016-9716 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8