Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-26 | CVE-2017-6662 | XXE vulnerability in Cisco products A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. | 8.0 |
| 2017-06-25 | CVE-2017-9872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame 3.99.5 The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 7.8 |
| 2017-06-25 | CVE-2017-9871 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame 3.99.5 The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 7.8 |
| 2017-06-25 | CVE-2017-9840 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | 8.8 |
| 2017-06-24 | CVE-2017-9846 | Path Traversal vulnerability in Magicwinmail Winmail Server 6.1 Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | 8.8 |
| 2017-06-24 | CVE-2017-9833 | Path Traversal vulnerability in BOA 0.94.14.21 /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. | 7.5 |
| 2017-06-23 | CVE-2017-9829 | Path Traversal vulnerability in Vivotek products '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. | 7.5 |
| 2017-06-23 | CVE-2017-1347 | SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. | 8.8 |
| 2017-06-22 | CVE-2017-9776 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-06-22 | CVE-2017-0897 | Insufficient Entropy vulnerability in Expressionengine ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. | 7.5 |