Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-30 CVE-2017-8364 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rzip Project Rzip 2.1
The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
Risk: local, low complexity; rzip-project; CWE-119; score 7.8

2017-04-30 CVE-2017-8361 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
Risk: network, low complexity; libsndfile-project, debian; CWE-119; score 8.8

2017-04-30 CVE-2017-8081 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cagintranetworks Getsimple CMS 3.3.13
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.
Risk: network, low complexity; cagintranetworks; CWE-338; score 8.8

2017-04-30 CVE-2017-7721 Improper Input Validation vulnerability in Irfanview FPX and Irfanview
IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.
Risk: local, low complexity; irfanview; CWE-20; score 7.8

2017-04-30 CVE-2017-8342 Race Condition vulnerability in Radicale
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
Risk: network, high complexity; radicale; CWE-362; score 8.1

2017-04-29 CVE-2017-8326 Incorrect Calculation vulnerability in Entropymine Imageworsener
libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.
Risk: network, low complexity; entropymine; CWE-682; score 8.8

2017-04-29 CVE-2017-8325 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Entropymine Imageworsener
The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.
Risk: network, low complexity; entropymine; CWE-119; score 8.8

2017-04-29 CVE-2017-8114 Improper Privilege Management vulnerability in Roundcube Webmail
Roundcube Webmail allows arbitrary password resets by authenticated users.
Risk: network, low complexity; roundcube; CWE-269; score 8.8

2017-04-29 CVE-2017-7957 Improper Input Validation vulnerability in multiple products
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
Risk: network, low complexity; xstream-project, debian; CWE-20; score 7.5

2017-04-29 CVE-2017-7981 OS Command Injection vulnerability in multiple products
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin.
Risk: network, low complexity; enalean, phpwiki-project; CWE-78; score 8.8