Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products. IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 7.5 |
2017-09-28 | CVE-2017-12814 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl. Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. | 7.5 |
2017-09-28 | CVE-2017-11191 | Session Fixation vulnerability in Freeipa. FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. | 8.8 |
2017-09-28 | CVE-2015-1526 | Integer Overflow or Wraparound vulnerability in Google Android. The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | 7.1 |
2017-09-28 | CVE-2015-1336 | Improper Access Control vulnerability in Man-Db Project Man-Db. The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | 7.2 |
2017-09-27 | CVE-2017-14760 | SQL Injection vulnerability in Eventespresso Event Espresso Lite. SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | 7.5 |
2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager. IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.5 |
2017-09-26 | CVE-2015-7670 | SQL Injection vulnerability in Support Ticket System Project Support Ticket System. Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | 7.5 |
2017-09-26 | CVE-2015-7390 | SQL Injection vulnerability in Testlink. SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | 7.5 |
2017-09-26 | CVE-2017-14703 | SQL Injection vulnerability in Cashbackcomparisonscript Cash Back Comparison 1.0. SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | 7.5 |