Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-06 CVE-2017-6497 NULL Pointer Dereference vulnerability in Imagemagick 6.9.7
An issue was discovered in ImageMagick 6.9.7.
network
low complexity
imagemagick CWE-476
7.5
7.5
2017-03-06 CVE-2017-6351 Use of Hard-coded Credentials vulnerability in Wepresent Wipg-1500 Firmware 1.0.3.7
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password.
network
high complexity
wepresent CWE-798
8.1
8.1
2017-03-06 CVE-2017-6334 OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
network
low complexity
netgear CWE-78
8.8
8.8
2017-03-05 CVE-2017-6492 SQL Injection vulnerability in Admidio 3.2.5
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5.
network
low complexity
admidio CWE-89
7.2
7.2
2017-03-05 CVE-2017-6445 Missing Encryption of Sensitive Data vulnerability in Openelec 6.0.3/7.0.1
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates.
network
high complexity
openelec CWE-311
8.1
8.1
2017-03-04 CVE-2017-6474 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-04 CVE-2017-6473 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-03-04 CVE-2017-6472 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-04 CVE-2017-6471 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-03-04 CVE-2017-6470 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5