Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-03-28 | CVE-2016-9123 | Integer Overflow or Wraparound vulnerability in Go-Jose Project Go-Jose | go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. | network | low | go-jose-project | CWE-190 | 7.5 |
| 2017-03-28 | CVE-2016-9122 | Improper Access Control vulnerability in Go-Jose Project Go-Jose | go-jose before 1.0.4 suffers from multiple signatures exploitation. | network | low | go-jose-project | CWE-284 | 7.5 |
| 2017-03-28 | CVE-2017-6964 | Unchecked Return Value vulnerability in multiple products | dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. | local | low | canonical, debian | CWE-252 | 7.8 |
| 2017-03-27 | CVE-2017-1153 | Unspecified vulnerability in IBM Tririga Application Platform | IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. | network | low | ibm | | 8.8 |
| 2017-03-27 | CVE-2016-8960 | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. | network | low | ibm | CWE-264 | 8.8 |
| 2017-03-27 | CVE-2017-5239 | Inadequate Encryption Strength vulnerability in Eviewgps Ev-07S GPS Tracker Firmware | Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. | network | low | eviewgps | CWE-326 | 7.5 |
| 2017-03-27 | CVE-2017-5237 | Improper Authentication vulnerability in Eviewgps Ev-07S GPS Tracker Firmware | Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | network | low | eviewgps | CWE-287 | 7.5 |
| 2017-03-27 | CVE-2016-9252 | Data Processing Errors vulnerability in F5 products | The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | network | low | f5 | CWE-19 | 7.5 |
| 2017-03-27 | CVE-2017-7272 | Server-Side Request Forgery (SSRF) vulnerability in PHP | PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | network | low | php | CWE-918 | 7.4 |
| 2017-03-27 | CVE-2017-7183 | Improper Input Validation vulnerability in Extraputty 0.29 | The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message. | network | low | extraputty | CWE-20 | 7.5 |