Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products. When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 8.8 |
2017-05-25 | CVE-2014-0097 | Improper Authentication vulnerability in VMware Spring Security. The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. | 7.3 |
2017-05-24 | CVE-2017-9230 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin. The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. | 7.5 |
2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-2824 | OS Command Injection vulnerability in Zabbix. An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. | 8.1 |
2017-05-24 | CVE-2017-2823 | Use After Free vulnerability in PowerISO 6.8. A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. | 7.8 |
2017-05-24 | CVE-2017-2819 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor and Thinkfree Office NEO. An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. | 7.8 |
2017-05-24 | CVE-2017-2817 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PowerISO 6.8. A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. | 7.8 |
2017-05-24 | CVE-2017-2799 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MarkLogic 8.06. An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. | 7.8 |
2017-05-24 | CVE-2017-2798 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MarkLogic 8.06. An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. | 7.8 |