Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-24 | CVE-2017-15880 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | 7.2 |
| 2017-10-24 | CVE-2017-15879 | Improper Input Validation vulnerability in Keystonejs Keystone 4.0.0 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | 8.8 |
| 2017-10-24 | CVE-2017-1583 | Information Exposure vulnerability in IBM Liberty 3.13 IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. | 7.5 |
| 2017-10-24 | CVE-2017-1523 | Missing Authentication for Critical Function vulnerability in IBM Infosphere Master Data Management 11.5 IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. | 7.5 |
| 2017-10-24 | CVE-2017-1375 | Inadequate Encryption Strength vulnerability in IBM Storwize Unified V7000 Software 1.5/1.6 IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-10-24 | CVE-2017-1210 | Improper Input Validation vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. | 7.5 |
| 2017-10-24 | CVE-2017-15871 | Infinite Loop vulnerability in Serialize-To-Js Project Serialize-To-Js The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. | 7.5 |
| 2017-10-24 | CVE-2016-10517 | 7PK - Security Features vulnerability in Redislabs Redis networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | 7.4 |
| 2017-10-24 | CVE-2017-14696 | Improper Input Validation vulnerability in Saltstack Salt SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | 7.5 |
| 2017-10-24 | CVE-2015-5173 | Information Exposure vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." | 8.8 |