Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-27 CVE-2017-8870 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoderhq Audiocoder 0.8.46
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
local
low complexity
mediacoderhq CWE-119
7.8
2017-07-27 CVE-2016-10399 File and Directory Information Exposure vulnerability in Sendio
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.
network
low complexity
sendio CWE-538
7.5
2017-07-27 CVE-2016-10402 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avira Antivirus 1.0.2303.633/5.0.2003.1821/8.3.36.59
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
local
low complexity
avira CWE-119
7.8
2017-07-27 CVE-2017-8869 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mediacoder 0.8.48.5888
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
local
low complexity
mediacoder CWE-119
7.8
2017-07-27 CVE-2017-11665 Improper Input Validation vulnerability in Ffmpeg 3.3.2
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
network
low complexity
ffmpeg CWE-20
7.5
2017-07-27 CVE-2017-9614 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D.R.Commander Libjpeg-Turbo 1.5.1
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.
network
low complexity
d-r-commander CWE-119
8.8
2017-07-27 CVE-2017-11684 Unspecified vulnerability in Libav 12.1
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
network
low complexity
libav
7.5
2017-07-27 CVE-2017-11681 Improper Privilege Management vulnerability in Project Hashtopussy
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
network
low complexity
project-hashtopussy CWE-269
8.8
2017-07-27 CVE-2017-11680 Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.
network
low complexity
project-hashtopussy CWE-352
8.8
2017-07-27 CVE-2017-11679 Cross-Site Request Forgery (CSRF) vulnerability in Hashtopus Project Hashtopus 1.5G
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.
network
low complexity
hashtopus-project CWE-352
8.8