Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-17 | CVE-2017-14011 | Cross-Site Request Forgery (CSRF) vulnerability in Prominent Multiflex M10A Controller Firmware | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 8.8 |
2017-10-17 | CVE-2017-14005 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Prominent Multiflex M10A Controller Firmware | An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 8.8 |
2017-10-17 | CVE-2017-6273 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Adsp Firmware | NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. | 7.8 |
2017-10-17 | CVE-2017-5531 | Unspecified vulnerability in Tibco products | Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. | 8.8 |
2017-10-17 | CVE-2017-3760 | Insufficiently Protected Credentials vulnerability in Lenovo Service Framework | The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. | 8.1 |
2017-10-17 | CVE-2017-3759 | Improper Input Validation vulnerability in Lenovo Service Framework | The Lenovo Service Framework Android application accepts some responses from the server without proper validation. | 8.1 |
2017-10-17 | CVE-2014-9118 | Command Injection vulnerability in Dasanzhone Znid 2426A Firmware | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | 8.8 |
2017-10-17 | CVE-2014-8357 | Credentials Management vulnerability in Dasanzhone Znid 2426A Firmware | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | 8.8 |
2017-10-17 | CVE-2014-2664 | Unrestricted Upload of File with Dangerous Type vulnerability in X2Engine X2Crm | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 8.8 |
2017-10-17 | CVE-2014-2277 | Improper Access Control vulnerability in Perltidy Project Perltidy | The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function. | 7.1 |