Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2113 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata products
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, and TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-119
8.8
2017-04-28 CVE-2017-2112 OS Command Injection vulnerability in Iodata products
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, and TS-PTCAM/POE firmware version 1.18 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-78
8.8
2017-04-28 CVE-2017-2108 Untrusted Search Path vulnerability in Softbank Primedrive Desktop Application 1.4.3
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
softbank CWE-426
7.8
2017-04-28 CVE-2017-2107 Untrusted Search Path vulnerability in Akky 7-Zip32.Dll
Untrusted search path vulnerability in self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
akky CWE-426
7.8
2017-04-28 CVE-2017-2102 Cross-Site Request Forgery (CSRF) vulnerability in IPA Appgoat 3.0.0
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
ipa CWE-352
8.8
2017-04-28 CVE-2017-2101 Improper Authentication vulnerability in IPA Appgoat 3.0.0
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
network
low complexity
ipa CWE-287
7.3
2017-04-28 CVE-2017-2097 Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
support-project CWE-352
8.8
2017-04-27 CVE-2017-8308 Improper Privilege Management vulnerability in Avast Antivirus
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product.
network
low complexity
avast CWE-269
7.5
2017-04-27 CVE-2017-8296 Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0
kedpm 0.5 and 1.0 create a history file in ~/.kedpm/history that is written in cleartext.
network
low complexity
ked-password-manager-project CWE-522
7.5
2017-04-27 CVE-2017-8294 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
network
low complexity
virustotal CWE-125
7.5