Vulnerabilities > High

Date: 2017-06-04
CVE: CVE-2016-8230
Title: Information Exposure vulnerability in Lenovo Service Bridge
Description: In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
Attack vector: network
Attack complexity: low
Vendor: lenovo
CWE: CWE-200
Risk: 7.5

Date: 2017-06-04
CVE: CVE-2016-8229
Title: Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge
Description: A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
Attack vector: network
Attack complexity: low
Vendor: lenovo
CWE: CWE-352
Risk: 8.8

Date: 2017-06-04
CVE: CVE-2016-8228
Title: Permissions, Privileges, and Access Controls vulnerability in Lenovo Service Bridge
Description: In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
Attack vector: local
Attack complexity: low
Vendor: lenovo
CWE: CWE-264
Risk: 7.8

Date: 2017-06-02
CVE: CVE-2017-9380
Title: Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr
Description: OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
Attack vector: network
Attack complexity: low
Vendor: open-emr
CWE: CWE-434
Risk: 8.8

Date: 2017-06-02
CVE: CVE-2017-9379
Title: Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
Description: Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
Attack vector: network
Attack complexity: low
Vendor: bigtreecms
CWE: CWE-352
Risk: 8.8

Date: 2017-06-02
CVE: CVE-2017-9372
Title: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source
Description: PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
Attack vector: network
Attack complexity: low
Vendor: digium
CWE: CWE-119
Risk: 7.5

Date: 2017-06-02
CVE: CVE-2017-9365
Title: Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
Description: CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false.
Attack vector: network
Attack complexity: low
Vendor: bigtreecms
CWE: CWE-352
Risk: 8.8

Date: 2017-06-02
CVE: CVE-2017-9359
Title: Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source
Description: The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Attack vector: network
Attack complexity: low
Vendor: digium
CWE: CWE-125
Risk: 7.5

Date: 2017-06-02
CVE: CVE-2017-9358
Title: Infinite Loop vulnerability in multiple products
Description: A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Attack vector: network
Attack complexity: low
Vendor: sangoma asterisk
CWE: CWE-835
Risk: 7.5

Date: 2017-06-02
CVE: CVE-2017-9354
Title: Improper Input Validation vulnerability in Wireshark
Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash.
Attack vector: network
Attack complexity: low
Vendor: wireshark
CWE: CWE-20
Risk: 7.5