Vulnerabilities > High

Each entry below lists: publication date, CVE identifier and vulnerability title; the description; then attack vector, attack complexity, vendor, CWE and the risk rating (CVSS base score).

DATE        CVE             VULNERABILITY TITLE / DESCRIPTION / RISK
2017-09-25  CVE-2015-5182   Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ
    Cross-site request forgery (CSRF) vulnerability in the Jolokia API in Red Hat A-MQ.
    Vector: network | Complexity: low | Vendor: redhat | CWE-352 | Risk: 8.8
2017-09-25  CVE-2012-6696   Improper Input Validation vulnerability in Inspircd
    inspircd in Debian before 2.0.7 does not properly handle unsigned integers.
    Vector: network | Complexity: low | Vendor: inspircd | CWE-20 | Risk: 7.5
2017-09-25  CVE-2017-14730  Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash
    The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
    Vector: local | Complexity: low | Vendor: elasticsearch, gentoo | CWE-732 | Risk: 7.2
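The "chown -R over a user-writable tree" pattern in the entry above is worth seeing next to a guard against it. The POSIX shell fragment below is an added example, not code from the Gentoo package or from Logstash; the function names, the service-user and directory arguments, and the sample tree used in the comments are assumptions for illustration. It counts multi-linked regular files under a tree before any root-run chown -R, checks whether the kernel's fs.protected_hardlinks setting already blocks the hard-link trick, and replaces the unconditional recursive chown with one that refuses when hard links are present or that creates a missing directory already owned by the service user.

```shell
#!/bin/sh
# Added example (not the Gentoo init script): guards an init script can run
# before a root-owned "chown -R $LS_USER $dir" over a tree that $LS_USER can
# write to. A hard link in that tree to a file the service user does not own
# is the same inode, so chown -R would hand ownership of it to the service
# user together with everything else (the CWE-732 condition described above).

# Print the number of regular files under $1 whose link count is above 1.
# chown -R cannot tell a hard link from an ordinary file, so every such
# file is a candidate for the privilege escalation.
count_multilink_files() {
    find "$1" -type f -links +1 2>/dev/null | wc -l | tr -d ' '
}

# Return 0 when the kernel already refuses hard links to files the caller
# cannot write (fs.protected_hardlinks=1), 1 otherwise. Linux only; on other
# systems the file is absent and the function returns 1.
hardlinks_protected() {
    f=/proc/sys/fs/protected_hardlinks
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Replacement for an unconditional "chown -R $user $dir":
#  - a missing tree is created already owned by the service user, so there
#    is nothing to recurse over;
#  - an existing tree is refused when it holds multi-linked files.
safe_chown_tree() {
    user="$1"
    dir="$2"
    if [ ! -d "$dir" ]; then
        install -d -o "$user" "$dir"
        return $?
    fi
    n=$(count_multilink_files "$dir")
    if [ "$n" -ne 0 ]; then
        echo "refusing chown -R $user $dir: $n hard-linked file(s) found" >&2
        return 1
    fi
    chown -R "$user" "$dir"
}
```

The scan is a point-in-time check, so a service user who can write to the tree can still race it between the find and the chown. The durable fix is not to run chown -R as root over a tree the service user can write to at all: ship the tree owned by that user from the package, or chown only the top-level directory non-recursively. On Linux, fs.protected_hardlinks=1 (hardlinks_protected above) stops an unprivileged user from hard-linking files they cannot write in the first place, which removes the precondition for this CVE.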
2017-09-25  CVE-2017-14125  SQL Injection vulnerability in Wpdevart Responsive Image Gallery Album
    SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
    Vector: network | Complexity: low | Vendor: wpdevart | CWE-89 | Risk: 7.5
2017-09-25  CVE-2017-12905  Server-Side Request Forgery (SSRF) vulnerability in Vebto Pixie Image Editor 1.4/1.7
    Server-side request forgery (SSRF) vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
    Vector: network | Complexity: low | Vendor: vebto | CWE-918 | Risk: 7.5
2017-09-25  CVE-2015-5237   Out-of-bounds Write vulnerability in Google Protobuf
    protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
    Vector: network | Complexity: low | Vendor: google | CWE-787 | Risk: 8.8
2017-09-25  CVE-2015-4669   SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
    The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
    Vector: local | Complexity: low | Vendor: xceedium | CWE-89 | Risk: 7.2
2017-09-25  CVE-2015-4667   Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
    Xsuite 2.x contains multiple hard-coded credentials.
    Vector: network | Complexity: low | Vendor: xceedium | CWE-798 | Risk: 7.5
2017-09-25  CVE-2017-14729  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
    Vector: local | Complexity: low | Vendor: gnu | CWE-119 | Risk: 7.8
2017-09-23  CVE-2017-14723  SQL Injection vulnerability in Wordpress
    Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
    Vector: network | Complexity: low | Vendor: wordpress | CWE-89 | Risk: 7.5