Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-31 | CVE-2017-14048 | Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS 1.2 BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. | 8.8 |
| 2017-08-30 | CVE-2017-14041 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-08-30 | CVE-2017-14040 | Out-of-bounds Write vulnerability in multiple products An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. | 8.8 |
| 2017-08-30 | CVE-2017-14039 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-08-30 | CVE-2017-1442 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-08-30 | CVE-2017-1440 | Code Injection vulnerability in IBM Emptoris Services Procurement IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | 8.8 |
| 2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 8.1 |
| 2017-08-30 | CVE-2017-11157 | Untrusted Search Path vulnerability in Synology Cloud Station Backup Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 7.8 |
| 2017-08-30 | CVE-2017-12735 | Unspecified vulnerability in Siemens Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 8 BM (incl. | 7.4 |
| 2017-08-30 | CVE-2017-12734 | Unspecified vulnerability in Siemens Logo!8 BM Fs-05 Firmware 1.81.1 A vulnerability has been identified in LOGO! 8 BM (incl. | 7.5 |