Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-7008 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 7.8 |
| 2017-07-20 | CVE-2017-7007 | Resource Exhaustion vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 7.5 |
| 2017-07-20 | CVE-2017-9822 | Code Injection vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 8.8 |
| 2017-07-20 | CVE-2017-11475 | SQL Injection vulnerability in Glpi-Project Glpi GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | 8.8 |
| 2017-07-20 | CVE-2017-11473 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | 7.8 |
| 2017-07-20 | CVE-2017-11472 | Improper Handling of Exceptional Conditions vulnerability in Linux Kernel The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 7.1 |
| 2017-07-20 | CVE-2017-11469 | Path Traversal vulnerability in Idera Uptime Infrastructure Monitor 7.8 get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | 7.5 |
| 2017-07-20 | CVE-2017-9765 | Integer Overflow or Wraparound vulnerability in Genivia Gsoap Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. | 8.1 |
| 2017-07-20 | CVE-2017-11466 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms 4.1.1 Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. | 7.2 |
| 2017-07-19 | CVE-2017-11464 | Divide By Zero vulnerability in Gnome Librsvg 2.40.17 A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 7.8 |