Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-02 | CVE-2017-12262 | Improper Initialization vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module: A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. | 8.8 |
2017-11-02 | CVE-2017-12261 | Incorrect Authorization vulnerability in Cisco products: A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. | 7.8 |
2017-11-02 | CVE-2017-12243 | OS Command Injection vulnerability in Cisco products: A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. | 7.8 |
2017-11-02 | CVE-2017-10873 | Improper Authentication vulnerability in Osstech Openam: OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. | 8.1 |
2017-11-02 | CVE-2017-10870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems products: Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file. | 7.8 |
2017-11-02 | CVE-2017-10825 | Untrusted Search Path vulnerability in Flets-W Flets Easy Setup Tool 1.2.0: Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2017-11-01 | CVE-2017-1300 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform: IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-11-01 | CVE-2017-16358 | Out-of-bounds Read vulnerability in Radare Radare2 2.0.1: In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | 7.8 |
2017-11-01 | CVE-2017-16357 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 2.0.1: In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. | 7.8 |
2017-11-01 | CVE-2017-15918 | Insufficiently Protected Credentials vulnerability in Ignitum Sera 1.2: Sera 1.2 stores the user's login password in plain text in their home directory. | 7.8 |