Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-07 | CVE-2017-11567 | Cross-Site Request Forgery (CSRF) vulnerability in Cesanta Mongoose Embedded web Server Library: Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. | 8.8 |
2017-09-07 | CVE-2016-0732 | Improper Privilege Management vulnerability in multiple products: The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | 8.8 |
2017-09-07 | CVE-2015-3250 | Information Exposure vulnerability in Apache Directory Ldap API 1.0.0: Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. | 7.5 |
2017-09-07 | CVE-2017-14169 | Improper Input Validation vulnerability in multiple products: In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. | 8.8 |
2017-09-06 | CVE-2015-7294 | LDAP Injection vulnerability in Ldapauth-Fork Project Ldapauth-Fork: ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. | 7.5 |
2017-09-06 | CVE-2015-5948 | Race Condition vulnerability in Salesagility Suitecrm: Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | 8.1 |
2017-09-06 | CVE-2015-5947 | Race Condition vulnerability in Salesagility Suitecrm: SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | 8.1 |
2017-09-06 | CVE-2015-5705 | Link Following vulnerability in multiple products: Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | 7.5 |
2017-09-06 | CVE-2015-3454 | Information Exposure vulnerability in Vulcanjs Vulcan: TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | 7.5 |
2017-09-06 | CVE-2015-3450 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aspl Libaxl 0.6.9: Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | 8.8 |