Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2017-6154 | Improper Input Validation vulnerability in F5 Big-Ip Application Security Manager On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | 7.5 |
| 2018-03-01 | CVE-2017-6150 | Improper Input Validation vulnerability in F5 products Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). | 7.5 |
| 2018-02-28 | CVE-2018-6947 | Improper Initialization vulnerability in multiple products An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | 7.8 |
| 2018-02-28 | CVE-2015-5079 | Path Traversal vulnerability in Blackcat-Cms Blackcat CMS Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2018-02-28 | CVE-2015-4117 | OS Command Injection vulnerability in Vestacp Control Panel Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | 8.8 |
| 2018-02-28 | CVE-2016-0295 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | 8.8 |
| 2018-02-28 | CVE-2017-9447 | Path Traversal vulnerability in Parallels Remote Application Server 15.5 In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 7.5 |
| 2018-02-28 | CVE-2017-12191 | Unspecified vulnerability in Redhat Cloudforms 4.5 A flaw was found in the CloudForms account configuration when using VMware. | 7.4 |
| 2018-02-28 | CVE-2018-7482 | Path Traversal vulnerability in Joomlaworks K2 2.8.0 The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. | 7.5 |