Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-27 | CVE-2017-11665 | Improper Input Validation vulnerability in Ffmpeg 3.3.2. The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | 7.5 |
2017-07-27 | CVE-2017-9614 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D.R.Commander Libjpeg-Turbo 1.5.1. The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. | 8.8 |
2017-07-27 | CVE-2017-11684 | Unspecified vulnerability in Libav 12.1. There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | 7.5 |
2017-07-27 | CVE-2017-11681 | Improper Privilege Management vulnerability in Project Hashtopussy. Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. | 8.8 |
2017-07-27 | CVE-2017-11680 | Cross-Site Request Forgery (CSRF) vulnerability in Project Hashtopussy. Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | 8.8 |
2017-07-27 | CVE-2017-11679 | Cross-Site Request Forgery (CSRF) vulnerability in Hashtopus Project Hashtopus 1.5G. Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | 8.8 |
2017-07-27 | CVE-2017-11678 | SQL Injection vulnerability in Hashtopus Project Hashtopus 1.5G. SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. | 8.8 |
2017-07-27 | CVE-2017-11675 | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E. The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | 8.8 |
2017-07-26 | CVE-2017-7659 | NULL Pointer Dereference vulnerability in Apache Http Server 2.4.24/2.4.25. A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | 7.5 |
2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject. OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |