Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-06 CVE-2015-2297 NULL Pointer Dereference vulnerability in Libcsoap Project Libcsoap
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
network
low complexity
libcsoap-project CWE-476
7.5
2017-10-06 CVE-2015-2158 Numeric Errors vulnerability in Pngcrush Project Pngcrush
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
local
low complexity
pngcrush-project CWE-189
7.8
2017-10-06 CVE-2014-0047 Unspecified vulnerability in Docker
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
local
low complexity
docker
7.8
2017-10-06 CVE-2017-1000254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl
libcurl may read outside of a heap allocated buffer when doing FTP.
network
low complexity
haxx CWE-119
7.5
2017-10-06 CVE-2017-15063 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error.
network
low complexity
intelliants CWE-352
8.8
2017-10-06 CVE-2017-15056 NULL Pointer Dereference vulnerability in UPX 3.94
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
local
low complexity
upx CWE-476
7.8
2017-10-06 CVE-2017-12730 Unquoted Search Path or Element vulnerability in Myscada Mypro 7/7.0.26
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior.
local
low complexity
myscada CWE-428
7.8
2017-10-06 CVE-2017-14088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allow local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys.
local
high complexity
trendmicro CWE-119
7.0
2017-10-06 CVE-2017-14087 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
network
low complexity
trendmicro CWE-20
7.5
2017-10-06 CVE-2017-14086 Resource Exhaustion vulnerability in Trendmicro Officescan 11.0/12.0
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
network
low complexity
trendmicro CWE-400
7.5