Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-20 CVE-2017-14616 Resource Exhaustion vulnerability in Watchguard Fireware
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0.
network
low complexity
watchguard CWE-400
7.8
2017-09-20 CVE-2015-6673 Use After Free vulnerability in Libpgf 6.11.42/6.12.24/6.14.12
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
network
low complexity
libpgf CWE-416
7.5
2017-09-20 CVE-2015-5395 Cross-Site Request Forgery (CSRF) vulnerability in Debian Linux 7.0/8.0/9.0
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
network
low complexity
debian CWE-352
8.8
2017-09-20 CVE-2017-12611 Improper Input Validation vulnerability in Apache Struts
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
network
low complexity
apache CWE-20
7.5
2017-09-20 CVE-2016-6795 Path Traversal vulnerability in Apache Struts
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
network
low complexity
apache CWE-22
7.5
2017-09-20 CVE-2017-14339 Infinite Loop vulnerability in Yadifa
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop.
network
low complexity
yadifa CWE-835
7.8
2017-09-20 CVE-2015-4073 SQL Injection vulnerability in Helpdesk PRO Project Helpdesk PRO
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
network
low complexity
helpdesk-pro-project CWE-89
7.5
2017-09-20 CVE-2017-8770 Information Exposure vulnerability in Twsz Wifi Repeater Firmware
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
network
low complexity
twsz CWE-200
7.8
2017-09-19 CVE-2015-4683 Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
network
low complexity
polycom CWE-264
7.5
2017-09-19 CVE-2015-4681 Credentials Management vulnerability in Polycom Realpresence Resource Manager
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
local
low complexity
polycom CWE-255
7.2