Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-04 | CVE-2016-8230 | Information Exposure vulnerability in Lenovo Service Bridge. In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | 7.5 |
2017-06-04 | CVE-2016-8229 | Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge. A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | 8.8 |
2017-06-04 | CVE-2016-8228 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Service Bridge. In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | 7.8 |
2017-06-02 | CVE-2017-9380 | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr. OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 8.8 |
2017-06-02 | CVE-2017-9379 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS. Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 8.8 |
2017-06-02 | CVE-2017-9372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source. PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 7.5 |
2017-06-02 | CVE-2017-9365 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS. CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. | 8.8 |
2017-06-02 | CVE-2017-9359 | Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source. The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 7.5 |
2017-06-02 | CVE-2017-9358 | Infinite Loop vulnerability in multiple products. A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 7.5 |
2017-06-02 | CVE-2017-9354 | Improper Input Validation vulnerability in Wireshark. In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. | 7.5 |