Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-30 | CVE-2017-6038 | Cross-Site Request Forgery (CSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. | 7.1 |
| 2017-06-30 | CVE-2017-6017 | Resource Exhaustion vulnerability in Schneider-Electric products A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. | 7.5 |
| 2017-06-29 | CVE-2017-10688 | Improper Input Validation vulnerability in Libtiff 4.0.8 In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. | 7.5 |
| 2017-06-29 | CVE-2017-10687 | Out-of-bounds Read vulnerability in Libsass 3.4.5 In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. | 7.5 |
| 2017-06-29 | CVE-2017-10686 | Use After Free vulnerability in multiple products In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. | 7.8 |
| 2017-06-29 | CVE-2017-10683 | Out-of-bounds Read vulnerability in Mpg123 1.25.0 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. | 7.5 |
| 2017-06-29 | CVE-2017-10681 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10680 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10679 | Information Exposure vulnerability in Piwigo Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. | 7.5 |
| 2017-06-29 | CVE-2017-10678 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | 8.8 |