Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-25 | CVE-2017-6748 | Injection vulnerability in Cisco products: A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 7.2 |
2017-07-25 | CVE-2017-11459 | Code Injection vulnerability in SAP Trex 7.10: SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | 7.5 |
2017-07-25 | CVE-2015-4035 | Improper Input Validation vulnerability in Tukaani XZ 4.999.7/4.999.8/4.999.9: scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. | 7.8 |
2017-07-25 | CVE-2015-3278 | Improper Input Validation vulnerability in NSS Compat Ossl Project NSS Compat Ossl: The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. | 7.5 |
2017-07-25 | CVE-2015-2798 | SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1: SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2017-07-25 | CVE-2015-1438 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Panda Security products: Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. | 7.2 |
2017-07-25 | CVE-2017-11614 | Use of Hard-coded Credentials vulnerability in Medhost Connex: MEDHOST Connex contains hard-coded credentials that are used for customer database access. | 7.5 |
2017-07-25 | CVE-2017-11566 | OS Command Injection vulnerability in Appsec-Labs Appuse 4.0: AppUse 4.0 allows shell command injection via a proxy field. | 7.2 |
2017-07-25 | CVE-2017-9457 | Improper Input Validation vulnerability in Compulab Intense PC Firmware: Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. | 7.2 |
2017-07-25 | CVE-2016-7539 | Resource Management Errors vulnerability in Imagemagick: Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |