Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-17 CVE-2017-5659 Improper Input Validation vulnerability in Apache Traffic Server
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
network
low complexity
apache CWE-20
7.5
2017-04-17 CVE-2016-5396 Resource Management Errors vulnerability in Apache Traffic Server
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
network
low complexity
apache CWE-399
7.5
2017-04-17 CVE-2017-5650 Improper Resource Shutdown or Release vulnerability in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data.
network
low complexity
apache CWE-404
7.5
2017-04-17 CVE-2017-5647 Information Exposure vulnerability in Apache Tomcat
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed.
network
low complexity
apache CWE-200
7.5
2017-04-17 CVE-2016-7551 Resource Management Errors vulnerability in multiple products
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
network
low complexity
digium debian CWE-399
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-17 CVE-2017-7885 Integer Overflow or Wraparound vulnerability in Artifex Jbig2Dec 0.13
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
local
low complexity
artifex CWE-190
7.1
2017-04-16 CVE-2017-7615 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
network
low complexity
mantisbt CWE-640
8.8
2017-04-15 CVE-2017-7881 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header.
network
low complexity
bigtreecms CWE-352
8.8
2017-04-14 CVE-2017-7879 SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
network
low complexity
flatcore CWE-89
7.5