Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2015-8334 | SQL Injection vulnerability in Huawei Vcn500 Firmware V100R002C00Spc200/V100R002C00Spc200B010 SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 8.8 |
| 2017-08-29 | CVE-2015-7255 | Information Exposure vulnerability in ZTE products ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | 7.5 |
| 2017-08-29 | CVE-2015-5209 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 7.5 |
| 2017-08-29 | CVE-2015-4649 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | 7.2 |
| 2017-08-29 | CVE-2015-3657 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | 7.2 |
| 2017-08-29 | CVE-2015-3656 | Improper Authorization vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | 7.2 |
| 2017-08-29 | CVE-2015-3655 | Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | 8.8 |
| 2017-08-29 | CVE-2015-3654 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | 7.2 |
| 2017-08-29 | CVE-2015-3653 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | 7.2 |
| 2017-08-29 | CVE-2017-10952 | Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.2.0.2051 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. | 8.8 |