Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-27 | CVE-2017-14766 | Improper Authentication vulnerability in Saadamin Simple Student Result The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number. | 7.5 |
| 2017-09-27 | CVE-2017-14764 | Code Injection vulnerability in Genixcms 1.1.4 In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | 8.8 |
| 2017-09-27 | CVE-2017-14763 | Unspecified vulnerability in Genixcms 1.1.4 In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. | 8.8 |
| 2017-09-26 | CVE-2017-14749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 1.0 JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | 7.8 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 8.8 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-26 | CVE-2017-14745 | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 7.8 |
| 2017-09-26 | CVE-2017-5200 | Unspecified vulnerability in Saltstack Salt Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 8.8 |
| 2017-09-26 | CVE-2017-5192 | Improper Authentication vulnerability in Saltstack Salt When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 8.8 |
| 2017-09-26 | CVE-2017-14704 | Unrestricted Upload of File with Dangerous Type vulnerability in Claydip Airbnb Clone 1.0 Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | 8.8 |