Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-30 | CVE-2012-0881 | Resource Management Errors vulnerability in Apache Xerces2 Java 2.10.0/2.11.0/2.9.1: Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. | 7.5 |
2017-10-30 | CVE-2017-15921 | NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO: In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. | 7.5 |
2017-10-30 | CVE-2017-15920 | NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO: In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. | 7.5 |
2017-10-30 | CVE-2017-9450 | Improper Privilege Management vulnerability in Amazon Web Services CloudFormation Bootstrap: The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | 7.8 |
2017-10-30 | CVE-2017-9377 | OS Command Injection vulnerability in Barco products: A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. | 8.8 |
2017-10-30 | CVE-2017-7411 | Code Injection vulnerability in Enalean Tuleap: An issue was discovered in Enalean Tuleap 9.6 and prior versions. | 8.8 |
2017-10-30 | CVE-2016-3090 | Improper Input Validation vulnerability in Apache Struts: The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | 8.8 |
2017-10-30 | CVE-2015-0226 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache WSS4J: Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. | 7.5 |
2017-10-30 | CVE-2015-0224 | Data Processing Errors vulnerability in Apache Qpid: qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. | 7.5 |
2017-10-30 | CVE-2014-3526 | Information Exposure vulnerability in Apache Wicket: Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. | 7.5 |