Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-25 | CVE-2015-3206 | Improper Authentication vulnerability in Apple Pykerberos The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | 8.1 |
| 2017-08-25 | CVE-2015-1395 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. | 7.5 |
| 2017-08-25 | CVE-2015-1325 | Race Condition vulnerability in Canonical Ubuntu Linux Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | 7.0 |
| 2017-08-25 | CVE-2015-1324 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | 7.8 |
| 2017-08-25 | CVE-2017-12703 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo products A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 8.8 |
| 2017-08-25 | CVE-2016-5816 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 7.5 |
| 2017-08-25 | CVE-2017-13692 | Improper Input Validation vulnerability in Htacg Tidy 5.5.31 In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 7.5 |
| 2017-08-24 | CVE-2017-13686 | NULL Pointer Dereference vulnerability in Linux Kernel 4.13 net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-08-24 | CVE-2015-8355 | SQL Injection vulnerability in Orion-Soft Bitrix 2.1.2 Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | 8.8 |
| 2017-08-24 | CVE-2015-8308 | Improper Authentication vulnerability in Lxdm Project Lxdm LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | 7.8 |