Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-03 CVE-2015-8814 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
network
low complexity
umbraco CWE-352
8.8
8.8
2017-03-03 CVE-2015-8813 Server-Side Request Forgery (SSRF) vulnerability in Umbraco
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
network
low complexity
umbraco CWE-918
8.2
8.2
2017-03-03 CVE-2017-5836 Double Free vulnerability in Libimobiledevice Libplist
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
network
low complexity
libimobiledevice CWE-415
7.5
7.5
2017-03-03 CVE-2017-5835 Allocation of Resources Without Limits or Throttling vulnerability in Libimobiledevice Libplist
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
network
low complexity
libimobiledevice CWE-770
7.5
7.5
2017-03-03 CVE-2017-5613 Use of Externally-Controlled Format String vulnerability in Cpanel Cgiecho and Cgiemail
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
local
low complexity
cpanel CWE-134
7.8
7.8
2017-03-03 CVE-2017-5356 Out-of-bounds Read vulnerability in multiple products
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
network
low complexity
irssi debian CWE-125
7.5
7.5
2017-03-03 CVE-2017-5196 Out-of-bounds Read vulnerability in Irssi 0.8.18/0.8.19/0.8.20
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.
network
low complexity
irssi CWE-125
7.5
7.5
2017-03-03 CVE-2017-5195 Out-of-bounds Read vulnerability in Irssi
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.
network
low complexity
irssi CWE-125
7.5
7.5
2017-03-03 CVE-2017-5194 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
network
low complexity
irssi debian CWE-416
7.5
7.5
2017-03-03 CVE-2017-5193 NULL Pointer Dereference vulnerability in multiple products
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
network
low complexity
irssi debian CWE-476
7.5
7.5