Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-7969 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.8 |
| 2017-09-26 | CVE-2014-8170 | Use of Externally-Controlled Format String vulnerability in Ovirt Ovirt-Node 3.0.0474Gb852Fd7 ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 8.8 |
| 2017-09-26 | CVE-2014-8156 | Permissions, Privileges, and Access Controls vulnerability in multiple products The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. local low complexity fso-frameworkd-project fso-gsmd-project fso-usaged-project phonefsod-project CWE-264 | 7.8 |
| 2017-09-26 | CVE-2014-0997 | Data Processing Errors vulnerability in Google Android 4.1.2/4.2.2/4.4.4 WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | 7.5 |
| 2017-09-25 | CVE-2017-14734 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libbpg Project Libbpg 0.9.7 The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | 8.8 |
| 2017-09-25 | CVE-2016-5868 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | 7.0 |
| 2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 8.8 |
| 2017-09-25 | CVE-2015-5704 | Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | 7.8 |
| 2017-09-25 | CVE-2015-5263 | Improper Certificate Validation vulnerability in Pulpproject Pulp pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | 8.1 |
| 2017-09-25 | CVE-2015-5184 | Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server Console: CORS headers set to allow all in Red Hat AMQ. | 7.5 |