Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-03-24 | CVE-2016-10146 | Resource Management Errors vulnerability in Imagemagick | Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | network | low complexity | imagemagick | CWE-399 | 7.5 |
| 2017-03-24 | CVE-2016-10132 | NULL Pointer Dereference vulnerability in multiple products | regexp.c in Artifex Software, Inc. | network | low complexity | artifex fedoraproject | CWE-476 | 7.5 |
| 2017-03-24 | CVE-2016-10129 | NULL Pointer Dereference vulnerability in Libgit2 Project Libgit2 0.25.0 | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. | network | low complexity | libgit2-project | CWE-476 | 7.5 |
| 2017-03-24 | CVE-2017-6087 | OS Command Injection vulnerability in Eonweb Project Eonweb | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. | network | low complexity | eonweb-project | CWE-78 | 8.8 |
| 2017-03-24 | CVE-2017-5869 | Path Traversal vulnerability in Nuxeo | Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. | network | low complexity | nuxeo | CWE-22 | 8.8 |
| 2017-03-24 | CVE-2016-10149 | XXE vulnerability in multiple products | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | network | low complexity | pysaml2-project debian | CWE-611 | 7.5 |
| 2017-03-24 | CVE-2017-6369 | Missing Authorization vulnerability in Firebirdsql Firebird | Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | network | low complexity | firebirdsql | CWE-862 | 8.8 |
| 2017-03-24 | CVE-2017-5199 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds LOG and Event Manager | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | network | low complexity | solarwinds | CWE-732 | 8.8 |
| 2017-03-24 | CVE-2017-5198 | Unspecified vulnerability in Solarwinds LOG and Event Manager | SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | local | low complexity | solarwinds | | 8.8 |
| 2017-03-23 | CVE-2017-7246 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre 8.40 | Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | local | low complexity | pcre | CWE-119 | 7.8 |