Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2015-1529 Integer Overflow or Wraparound vulnerability in Google Android
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attackers to cause a denial of service via unspecified vectors.
network
low complexity
google CWE-190
7.5
2017-05-22 CVE-2017-1289 XXE vulnerability in IBM SDK
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.2
2017-05-22 CVE-2016-6112 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application.
network
low complexity
ibm CWE-264
8.8
2017-05-22 CVE-2017-9149 Information Exposure vulnerability in Metadata Anonymisation Toolkit Project Metadata Anonymisation Toolkit 0.6/0.6.1
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
7.5
2017-05-22 CVE-2017-6891 Out-of-bounds Write vulnerability in multiple products
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.
network
low complexity
gnu debian apache CWE-787
8.8
2017-05-22 CVE-2017-9146 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ytnef Project Ytnef
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
network
low complexity
ytnef-project CWE-119
8.8
2017-05-22 CVE-2017-5657 Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks.
network
low complexity
apache CWE-352
8.0
2017-05-22 CVE-2017-2175 Untrusted Search Path vulnerability in IPA Empirical Project Monitor - Extended
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
ipa CWE-426
7.8
2017-05-22 CVE-2016-7804 Untrusted Search Path vulnerability in 7-Zip
Untrusted search path vulnerability in 7-Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
7-zip CWE-426
7.8
2017-05-22 CVE-2016-4904 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Olivecart Olivecart and Olivecartpro
Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.
network
low complexity
wp-olivecart CWE-352
8.8