Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2015-7945 Information Exposure vulnerability in Spi-Inc Ganeti
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
network
low complexity
spi-inc CWE-200
7.5
2017-08-18 CVE-2015-7944 Resource Management Errors vulnerability in Spi-Inc Ganeti
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
network
low complexity
spi-inc CWE-399
7.5
2017-08-18 CVE-2015-3649 Improper Input Validation vulnerability in Open-Uri-Cached Project Open-Uri-Cached 0.0.5
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
local
low complexity
open-uri-cached-project CWE-20
7.8
2017-08-18 CVE-2017-12944 Allocation of Resources Without Limits or Throttling vulnerability in Libtiff 4.0.8
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
network
low complexity
libtiff CWE-770
7.5
2017-08-18 CVE-2017-9454 Out-of-bounds Read vulnerability in Resiprocate
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.
network
low complexity
resiprocate CWE-125
7.5
2017-08-18 CVE-2017-12440 Missing Authentication for Critical Function vulnerability in Openstack 07132017
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
network
high complexity
openstack CWE-306
7.5
2017-08-18 CVE-2017-10665 Path Traversal vulnerability in PHPgrid
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd.
local
low complexity
phpgrid CWE-22
7.8
2017-08-18 CVE-2017-2289 Untrusted Search Path vulnerability in Kddi QUA Station Firmware 1.00.03
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
kddi CWE-426
7.8
2017-08-18 CVE-2017-2228 Untrusted Search Path vulnerability in Enecho.Meti Teikihoukokusho Sakuseishien Tool 4.0
Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
enecho-meti CWE-426
7.8
2017-08-18 CVE-2017-12938 Path Traversal vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the .
network
low complexity
rarlab CWE-22
7.5