Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-05-10 CVE-2017-8874 Cross-Site Request Forgery (CSRF) vulnerability in Acquia Mautic 1.4.1
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
network
low complexity
acquia CWE-352
8.8
2017-05-10 CVE-2017-8872 Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
network
low complexity
xmlsoft CWE-125
critical
9.1
2017-05-10 CVE-2017-8868 Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php.
network
low complexity
flatcore CWE-22
7.5
2017-05-10 CVE-2017-5892 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
network
low complexity
asus CWE-200
7.5
2017-05-10 CVE-2017-5891 Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
network
low complexity
asus CWE-352
8.8
2017-05-10 CVE-2016-10371 Improper Input Validation vulnerability in Libtiff 4.0.6
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
local
low complexity
libtiff CWE-20
5.5
2017-05-09 CVE-2017-8859 Unspecified vulnerability in Veritas Netbackup Appliance
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
network
low complexity
veritas
critical
9.8
2017-05-09 CVE-2017-8858 Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup and Netbackup Appliance
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
network
low complexity
veritas CWE-732
critical
9.8
2017-05-09 CVE-2017-8857 Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup and Netbackup Appliance
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
network
low complexity
veritas CWE-732
critical
9.8
2017-05-09 CVE-2017-8856 Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup and Netbackup Appliance
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
network
low complexity
veritas CWE-732
critical
9.8