Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-29 | CVE-2016-10379 | SQL Injection vulnerability in Virtuemart 3.0.14: The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | 7.2 |
2017-05-29 | CVE-2016-10378 | SQL Injection vulnerability in E107 2.1.1: e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | 7.2 |
2017-05-29 | CVE-2017-7917 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products: A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 8.8 |
2017-05-29 | CVE-2016-10377 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvswitch 2.5.0: In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. | 8.8 |
2017-05-28 | CVE-2017-9250 | NULL Pointer Dereference vulnerability in Jerryscript 1.0: The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | 7.5 |
2017-05-28 | CVE-2017-7295 | Use After Free vulnerability in Contiki-Os Contiki 3.0: An issue was discovered in Contiki Operating System 3.0. | 7.5 |
2017-05-27 | CVE-2017-7731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal: A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature. | 7.5 |
2017-05-27 | CVE-2017-7338 | Information Exposure vulnerability in Fortinet Fortiportal: A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | 7.5 |
2017-05-27 | CVE-2017-3134 | Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd: An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy running-config'. | 7.2 |
2017-05-26 | CVE-2017-8541 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. | 7.8 |