Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2017-6748 Injection vulnerability in Cisco products
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root.
local
low complexity
cisco CWE-74
7.2
2017-07-25 CVE-2017-11459 Code Injection vulnerability in SAP TREX 7.10
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
network
low complexity
sap CWE-94
7.5
2017-07-25 CVE-2015-4035 Improper Input Validation vulnerability in Tukaani XZ 4.999.7/4.999.8/4.999.9
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
local
low complexity
tukaani CWE-20
7.8
2017-07-25 CVE-2015-3278 Improper Input Validation vulnerability in NSS Compat Ossl Project NSS Compat Ossl
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
network
low complexity
nss-compat-ossl-project CWE-20
7.5
2017-07-25 CVE-2015-2798 SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
web-dorado CWE-89
7.5
2017-07-25 CVE-2015-1438 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Panda Security products
Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers.
local
low complexity
panda-security CWE-119
7.2
2017-07-25 CVE-2017-11614 Use of Hard-coded Credentials vulnerability in MEDHOST Connex
MEDHOST Connex contains hard-coded credentials that are used for customer database access.
network
low complexity
medhost CWE-798
7.5
2017-07-25 CVE-2017-11566 OS Command Injection vulnerability in Appsec-Labs AppUse 4.0
AppUse 4.0 allows shell command injection via a proxy field.
local
low complexity
appsec-labs CWE-78
7.2
2017-07-25 CVE-2017-9457 Improper Input Validation vulnerability in Compulab Intense PC Firmware
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware.
local
low complexity
compulab CWE-20
7.2
2017-07-25 CVE-2016-7539 Resource Management Errors vulnerability in ImageMagick
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
network
low complexity
imagemagick CWE-399
7.8