Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-05 CVE-2017-9438 Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
network
low complexity
virustotal CWE-674
7.5
2017-06-05 CVE-2017-1000368 Improper Input Validation vulnerability in Sudo Project Sudo
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.
local
low complexity
sudo-project CWE-20
8.2
2017-06-05 CVE-2017-9437 SQL Injection vulnerability in Openbravo ERP 3.0
Openbravo Business Suite 3.0 is affected by SQL injection.
network
low complexity
openbravo CWE-89
8.8
2017-06-05 CVE-2017-8841 Path Traversal vulnerability in Peplink products
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network
low complexity
peplink CWE-22
8.1
2017-06-05 CVE-2017-8836 Cross-Site Request Forgery (CSRF) vulnerability in Peplink products
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network
low complexity
peplink CWE-352
8.8
2017-06-05 CVE-2017-8438 Improper Privilege Management vulnerability in Elastic X-Pack
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality.
network
low complexity
elastic CWE-269
8.8
2017-06-05 CVE-2017-7669 Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation.
network
high complexity
apache CWE-20
7.5
2017-06-04 CVE-2017-9428 Path Traversal vulnerability in Bigtreecms Bigtree CMS
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
network
low complexity
bigtreecms CWE-22
7.5
2017-06-04 CVE-2017-9427 SQL Injection vulnerability in Bigtreecms Bigtree CMS
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php.
network
low complexity
bigtreecms CWE-89
8.8
2017-06-04 CVE-2016-8231 Improper Certificate Validation vulnerability in Lenovo Service Bridge
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
network
low complexity
lenovo CWE-295
7.5