Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-16 | CVE-2016-5853 | Permissions, Privileges, and Access Controls vulnerability in Google Android In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | 7.0 |
| 2017-08-15 | CVE-2017-8665 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Xamarin.Ios 10.11 The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | 7.8 |
| 2017-08-15 | CVE-2017-12864 | Integer Overflow or Wraparound vulnerability in multiple products In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. | 8.8 |
| 2017-08-15 | CVE-2017-12863 | Integer Overflow or Wraparound vulnerability in multiple products In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. | 8.8 |
| 2017-08-15 | CVE-2017-12862 | Out-of-bounds Write vulnerability in multiple products In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. | 8.8 |
| 2017-08-15 | CVE-2017-12852 | Infinite Loop vulnerability in Numpy The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. | 7.5 |
| 2017-08-14 | CVE-2017-1469 | Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 7.8 |
| 2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
| 2017-08-14 | CVE-2017-12853 | Cross-Site Request Forgery (CSRF) vulnerability in Rtsindia Rwr-3G-100 Firmware 1.0.56 The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | 8.8 |
| 2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard An authenticated standard user could reset the password of the admin by altering form data. | 8.8 |