Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-25 | CVE-2015-5183 | Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server. Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | 7.5 |
2017-09-25 | CVE-2015-5182 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ. Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | 8.8 |
2017-09-25 | CVE-2017-14730 | Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash. The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | 7.8 |
2017-09-25 | CVE-2015-7318 | Improper Input Validation vulnerability in Plone. Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | 7.5 |
2017-09-25 | CVE-2015-5237 | Out-of-bounds Write vulnerability in Google Protobuf. protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | 8.8 |
2017-09-25 | CVE-2015-4669 | SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0. The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | 7.8 |
2017-09-25 | CVE-2017-14729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29. The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 7.8 |
2017-09-25 | CVE-2017-1362 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0. IBM Security Identity Manager Adapters 6.0 and 7.0 store user credentials in clear text, which can be read by a local user. | 7.8 |
2017-09-25 | CVE-2017-14683 | Cross-Site Request Forgery (CSRF) vulnerability in Geminabox Project Geminabox. geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 8.8 |
2017-09-23 | CVE-2017-14727 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger. logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 7.5 |