Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-27 | CVE-2017-8870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoderhq Audiocoder 0.8.46 Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. | 7.8 |
2017-07-27 | CVE-2016-10399 | File and Directory Information Exposure vulnerability in Sendio Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. | 7.5 |
2017-07-27 | CVE-2016-10402 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avira Antivirus 1.0.2303.633/5.0.2003.1821/8.3.36.59 Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. | 7.8 |
2017-07-27 | CVE-2017-8869 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoder 0.8.48.5888 Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. | 7.8 |
2017-07-27 | CVE-2017-11665 | Improper Input Validation vulnerability in Ffmpeg 3.3.2 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | 7.5 |
2017-07-27 | CVE-2017-9614 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D.R.Commander Libjpeg-Turbo 1.5.1 The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. | 8.8 |
2017-07-27 | CVE-2017-11684 | Unspecified vulnerability in Libav 12.1 There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | 7.5 |
2017-07-27 | CVE-2017-11681 | Improper Privilege Management vulnerability in Project Hashtopussy Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | 8.8 |
2017-07-27 | CVE-2017-11680 | Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | 8.8 |
2017-07-27 | CVE-2017-11679 | Cross-Site Request Forgery (CSRF) vulnerability in Hashtopus Project Hashtopus 1.5G Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | 8.8 |