Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-20 | CVE-2017-13127 | Information Exposure vulnerability in VIP The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack. | 8.1 |
| 2017-10-20 | CVE-2013-6049 | Improper Input Validation vulnerability in multiple products apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | 7.8 |
| 2017-10-20 | CVE-2017-6145 | Insufficient Session Expiration vulnerability in F5 products iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. | 7.3 |
| 2017-10-20 | CVE-2017-6144 | Improper Certificate Validation vulnerability in F5 Big-Ip Policy Enforcement Manager 12.1.0/12.1.1/12.1.2 In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. | 7.4 |
| 2017-10-20 | CVE-2017-12628 | Deserialization of Untrusted Data vulnerability in Apache James Server 2.3.2/2.3.2.1/3.0.0 The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. | 7.8 |
| 2017-10-20 | CVE-2017-2133 | SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
| 2017-10-20 | CVE-2017-2132 | Improper Input Validation vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | 7.5 |
| 2017-10-19 | CVE-2017-15650 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Musl-Libc Musl musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. | 7.5 |
| 2017-10-19 | CVE-2017-14017 | Uncontrolled Search Path Element vulnerability in Progea Movicon 11.4/11.4.1150/11.5.1181 An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. | 7.8 |
| 2017-10-19 | CVE-2017-15649 | Race Condition vulnerability in Linux Kernel net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | 7.8 |