Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2017-14609 | Improper Initialization vulnerability in Kannel The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | 7.8 |
| 2017-09-20 | CVE-2015-5395 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 8.8 |
| 2017-09-20 | CVE-2015-3890 | Use After Free vulnerability in Litespeedtech Openlitespeed Use-after-free vulnerability in Open Litespeed before 1.3.10. | 7.5 |
| 2017-09-20 | CVE-2015-0162 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0 IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 7.0 |
| 2017-09-20 | CVE-2017-9804 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 7.5 |
| 2017-09-20 | CVE-2017-9793 | Improper Input Validation vulnerability in Apache Struts The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. | 7.5 |
| 2017-09-20 | CVE-2017-14607 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. | 8.1 |
| 2017-09-20 | CVE-2017-9607 | Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | 7.0 |
| 2017-09-20 | CVE-2017-7924 | Improper Input Validation vulnerability in Rockwellautomation products An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. | 7.5 |
| 2017-09-20 | CVE-2017-14339 | Infinite Loop vulnerability in Yadifa The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. | 7.5 |