Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-18 | CVE-2017-8255 | Integer Overflow or Wraparound vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | 7.8 |
2017-08-18 | CVE-2017-8253 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | 7.8 |
2017-08-18 | CVE-2017-12949 | SQL Injection vulnerability in Podlove Podcast Publisher 2.5.3: lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | 8.8 |
2017-08-18 | CVE-2017-12947 | SQL Injection vulnerability in Easymodal Project Easy Modal: classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 7.2 |
2017-08-18 | CVE-2017-12946 | SQL Injection vulnerability in Easymodal Project Easy Modal: classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 7.2 |
2017-08-18 | CVE-2017-12881 | Cross-Site Request Forgery (CSRF) vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0: Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | 8.8 |
2017-08-18 | CVE-2016-10389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. | 7.8 |
2017-08-18 | CVE-2016-10383 | Race Condition vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | 8.1 |
2017-08-18 | CVE-2015-5153 | Permission Issues vulnerability in Pulp Project Pulp: Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | 8.8 |
2017-08-18 | CVE-2015-5081 | Cross-Site Request Forgery (CSRF) vulnerability in Django-Cms Django CMS 3.0.13/3.1: Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | 8.8 |