Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-18 | CVE-2017-14530 | Cross-Site Request Forgery (CSRF) vulnerability in Crony Cronjob Manager Project Crony Cronjob Manager WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | 8.0 |
| 2017-09-17 | CVE-2017-14520 | Improper Input Validation vulnerability in Freedesktop Poppler 0.59.0 In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | 7.8 |
| 2017-09-17 | CVE-2017-14519 | Infinite Loop vulnerability in Freedesktop Poppler 0.59.0 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | 7.5 |
| 2017-09-17 | CVE-2017-14518 | Improper Input Validation vulnerability in Freedesktop Poppler 0.59.0 In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | 7.8 |
| 2017-09-17 | CVE-2017-14515 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda W15E Firmware 15.11.0.10(1576)/15.11.0.14/V15.11.0.13Cn Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | 7.5 |
| 2017-09-17 | CVE-2017-14514 | Path Traversal vulnerability in Tenda W15E Firmware 15.11.0.10(1576)/15.11.0.14/V15.11.0.13Cn Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 7.5 |
| 2017-09-17 | CVE-2017-14511 | Improper Input Validation vulnerability in SAP E-Recruiting An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. | 7.5 |
| 2017-09-17 | CVE-2017-14509 | Improper Input Validation vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 8.8 |
| 2017-09-17 | CVE-2017-14508 | SQL Injection vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 8.8 |
| 2017-09-17 | CVE-2017-14502 | Off-by-one Error vulnerability in Libarchive 3.3.2 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | 7.5 |