Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-03 | CVE-2017-5924 | Use After Free vulnerability in Virustotal Yara 3.5.0 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | 7.5 |
| 2017-04-03 | CVE-2017-5923 | Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. | 7.5 |
| 2017-04-03 | CVE-2016-10314 | Information Exposure vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. | 8.8 |
| 2017-04-03 | CVE-2016-10313 | Cross-Site Request Forgery (CSRF) vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. | 8.8 |
| 2017-04-03 | CVE-2016-10226 | Out-of-bounds Read vulnerability in Apple Safari 18 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. | 7.5 |
| 2017-04-03 | CVE-2016-10222 | Improper Input Validation vulnerability in Apple Safari 18 runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. | 7.5 |
| 2017-04-03 | CVE-2016-10211 | Use After Free vulnerability in Virustotal Yara 3.5.0 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. | 7.5 |
| 2017-04-03 | CVE-2016-10210 | NULL Pointer Dereference vulnerability in Virustotal Yara 3.5.0 libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. | 7.5 |
| 2017-04-03 | CVE-2017-1001000 | Unspecified vulnerability in Wordpress 4.7/4.7.1/4.7.2 The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. | 7.5 |
| 2017-04-02 | CVE-2016-8803 | Permissions, Privileges, and Access Controls vulnerability in Huawei Fusionstorage V100R003C30U1 The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | 7.5 |