Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2017-16737 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con Levistudio HMI Editor Firmware 1.8.29 An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. | 7.8 |
| 2018-01-12 | CVE-2017-14030 | Unquoted Search Path or Element vulnerability in Moxa Mxview An issue was discovered in Moxa MXview v2.8 and prior. | 7.8 |
| 2018-01-12 | CVE-2017-16886 | Cross-Site Request Forgery (CSRF) vulnerability in Fiberhome Lm53Q1 Firmware Vh519R05C01S38 The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. | 8.8 |
| 2018-01-12 | CVE-2016-0335 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 |
| 2018-01-12 | CVE-2016-0327 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. | 7.8 |
| 2018-01-12 | CVE-2016-0324 | Command Injection vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. | 8.8 |
| 2018-01-12 | CVE-2015-3888 | Improper Access Control vulnerability in Jolla Sailfish OS Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | 7.5 |
| 2018-01-12 | CVE-2015-2298 | Information Exposure vulnerability in Etherpad 1.5.0/1.5.1 node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. | 7.5 |
| 2018-01-12 | CVE-2014-8166 | Improper Input Validation vulnerability in Cups The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. | 8.8 |
| 2018-01-12 | CVE-2014-7952 | Injection vulnerability in Google Android The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | 7.8 |