Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-09-07 | CVE-2015-3314 | SQL Injection vulnerability in Tune Library Project Tune Library | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | network | high | tune-library-project | CWE-89 | 8.1 |
| 2017-09-07 | CVE-2015-3222 | Permissions, Privileges, and Access Controls vulnerability in Ossec | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | local | high | ossec | CWE-264 | 7.0 |
| 2017-09-07 | CVE-2014-9565 | Cross-Site Request Forgery (CSRF) vulnerability in IBM En6131 Firmware and Ib6131 Firmware | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | network | low | ibm | CWE-352 | 8.8 |
| 2017-09-07 | CVE-2017-14181 | NULL Pointer Dereference vulnerability in Aacplusenc Project Aacplusenc 0.17.5 | DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference. | local | low | aacplusenc-project | CWE-476 | 7.8 |
| 2017-09-07 | CVE-2013-7428 | Resource Exhaustion vulnerability in Mapsplugin Googlemaps 3.0 | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. | network | low | mapsplugin | CWE-400 | 7.5 |
| 2017-09-07 | CVE-2017-9779 | Unspecified vulnerability in Ocaml 4.02.3/4.04.0/4.04.1 | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." | local | low | ocaml | | 7.8 |
| 2017-09-07 | CVE-2015-1590 | Permissions, Privileges, and Access Controls vulnerability in Kamailio | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | local | low | kamailio | CWE-264 | 7.8 |
| 2017-09-07 | CVE-2017-6362 | Double Free vulnerability in multiple products | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | network | low | libgd debian fedoraproject canonical | CWE-415 | 7.5 |
| 2017-09-07 | CVE-2017-13713 | OS Command Injection vulnerability in Twsz Wifi Repeater Firmware | T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | network | low | twsz | CWE-78 | 8.8 |
| 2017-09-07 | CVE-2017-12838 | Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5 | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | network | low | nexusphp-project | CWE-352 | 8.8 |