Vulnerabilities > High

Each entry lists: DATE, CVE, VULNERABILITY TITLE; description; attack vector, attack complexity, vendor, CWE; RISK score.
2017-04-20  CVE-2017-7692  Improper Input Validation vulnerability in Squirrelmail 1.4.22
  Description: SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call.
  Attack vector: network | Complexity: low | Vendor: squirrelmail | CWE-20 | Risk: 8.8
2017-04-20  CVE-2017-7283  Improper Input Validation vulnerability in Unitrends Enterprise Backup
  Description: An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
  Attack vector: network | Complexity: low | Vendor: unitrends | CWE-20 | Risk: 8.8
2017-04-20  CVE-2017-6919  Unspecified vulnerability in Drupal
  Description: Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
  Attack vector: network | Complexity: high | Vendor: drupal | CWE: not assigned | Risk: 7.5
2017-04-19  CVE-2017-7979  Improper Input Validation vulnerability in Linux Kernel 4.11
  Description: The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts.
  Attack vector: local | Complexity: low | Vendor: linux | CWE-20 | Risk: 7.8
2017-04-19  CVE-2017-7978  Information Exposure vulnerability in Samsung Mobile
  Description: Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot.
  Attack vector: network | Complexity: low | Vendor: samsung | CWE-200 | Risk: 7.5
2017-04-19  CVE-2017-7976  Integer Overflow or Wraparound vulnerability in Artifex Jbig2Dec 0.13
  Description: Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.
  Attack vector: local | Complexity: low | Vendor: artifex | CWE-190 | Risk: 7.1
2017-04-19  CVE-2013-7463  Use of Insufficiently Random Values vulnerability in Aescrypt Project Aescrypt 1.0.0
  Description: The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
  Attack vector: network | Complexity: low | Vendor: aescrypt-project | CWE-330 | Risk: 7.5
2017-04-19  CVE-2017-7975  Integer Overflow or Wraparound vulnerability in Artifex Jbig2Dec 0.13
  Description: Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.
  Attack vector: local | Complexity: low | Vendor: artifex | CWE-190 | Risk: 7.8
2017-04-19  CVE-2017-7963  Allocation of Resources Without Limits or Throttling vulnerability in PHP
  Description: The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.
  Attack vector: network | Complexity: low | Vendor: php | CWE-770 | Risk: 7.5
2017-04-19  CVE-2017-7961  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Libcroco 0.6.11/0.6.12
  Description: The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file.
  Attack vector: local | Complexity: low | Vendor: gnome | CWE-119 | Risk: 7.8